No password recycling!

The majority of online banking customers reuse their online banking login credentials on other websites, according to a new survey.

Online security firm Trusteer reports that 73% of bank customers use their online account password to access at least one other, less sensitive website. Even worse, around half (47%) use the same online banking username and password for other website logins.

The survey also found that when a bank permits users to pick their own user ID, 65% will re-use this username on a non-financial website, a figure that drops to 45%, even when the bank chooses the user ID for its customers.

This dismal password security practice means that if cybercrooks trick a user into giving away his login credentials for a social networking site, for example, they stand a very good chance of getting into the same person's webmail and online banking accounts, potentially bringing about crippling financial losses.

Trusteer advised consumers to keep at least three sets of credentials: one that's only used with financial websites, the second for websites that hold information about a user's identity, and the third set for other less sensitive websites. That's certainly a start, but web users also need to think about using hard-to-guess passwords able to withstand the brute-force dictionary password-cracking attacks commonly used by even minimally skilled cybercrooks.

Source: The Register.