Consumers Tend To Re-Use Financial Logins Elsewhere: Study

February 2 2010 by in Uncategorized |No Comments

Hot on the heels of one study that found that users are still using way-too-easy passwords (like the most popular, 123456), a new study by Trusteer shows that nearly three-quarters of users use online account password to access other websites, and that nearly half use both their online banking user ID and password to login elsewhere on the Web.

The exact numbers were 73 percent and 47 percent, respectively. Trusteer generated its findings through its Rapport security software, which prevents users from entering their banking credentials into non-banking (phishing?) websites.

Rapport was used to study the behavior of 4 million computer users during a 12-month period. The key findings of the report (full report, .PDF here) were:

  • 73% of users share the passwords which they use for online banking, with at least one nonfinancial website
  • 47% of users share both their user ID and password with at least one nonfinancial website
  • When a bank allows users to choose their own user ID, 65% of users share this ID with nonfinancial websites
  • When a bank chooses the user ID for its customers, 42% use the bank issued user ID with at least one other website

All bad stuff to do, right? At least, if you are worried about your financial information. Of course, it’s obvious that consumers are taking this route because they are afraid that they will not remember their credentials.

Of course, nowadays many financial institutions add other layers of security, asking a consumer to answer one or more challenge questions (such as where you met your spouse, your first pet’s name, etc.).

Trusteer recommends that consumers maintain at least three username / password combinations.

  • the first set should be used only with financial websites;
  • the second set should be used with non-financial sensitive websites that hold information about your identity;
  • the third set should be used with non-sensitive websites that do not maintain confidential information about the user.

Of course, you could always break down and buy a software package such as Roboform, which maintains a single “master” password and allows you to keep track of different credentials at different sites. There are also solutions such as LastPass, which are free.
URL

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

« »