Most people use the same passwords for numerous accounts.
For years computer security experts have been preaching that users should never share the same password across their connected lives -- at online banking sites, at Amazon, on their Web mail services, even on their cell phones. Apparently, most people ignore that advice.
A new study by security firm Trusteer found that 73 percent of Web users take their online banking password and use it at other Web sites. And about half of all consumers utilize the same password and user name at online banking sites and other sites.
"I must say I was very surprised,” said Amit Klein, chief technology officer of Trusteer. “It is surprisingly sad that such a large portion of users use their banking credentials at other sites. ... It exposes those users to attacks that would otherwise be impossible. I thought that people would take banking credentials more seriously, but it turns out that in this digital age, this is not the reality."
When consumers use the same password across multiple sites, hacking becomes trivially easy. If a criminal breaks into a smaller Web site -- say a site created by a local grocery store -- and grabs a cache of passwords, their next step is always the major banking Web sites. When you consider that 40 percent of U.S. consumers' checking accounts are tied up in the four largest banks, odds are good that the stolen credentials will work for in one of them.
Link:
http://redtape.msnbc.com/2010/02/for-years-computer-security-experts-have-been-preaching-that-users-should-never-share-the-same-password-across-their-connecte.html#posts