All the latest UK technology news, reviews and analysis
|
|
|
03 Feb 2010
A report into the security of internet banking systems has found that one of the biggest problems is the reuse of log-in passwords on multiple sites.
Online security firm Trusteer monitored over four million computers for a year, and found that 73 per cent of internet banking customers used the same password for their online banking services as they did for other, less secure, sites.
"Using stolen credentials remains the easiest way for criminals to bypass the security measures implemented by banks to protect their online applications, so we wanted to see how often users repurpose their financial service user names and passwords," said Amit Klein, chief technical officer at Trusteer, and head of the company's research organisation.
"Our findings were very surprising, and reveal that consumers are not aware, or are choosing to ignore, the security implications of reusing their banking credentials on multiple web sites."
The Reused Login Credentials report (PDF) found that part of the blame lies with banking web sites that allow users to choose their own IDs, as almost two thirds of customers use the same ID for other sites. This figure falls to less than half when users are allocated an ID by the bank.
The research also found that nearly half of banking customers use their ID and password for a non-financial web site.
The use of the same password for multiple sites raises serious security risks. If a hacker can get one password from a less secure web site by a 'brute force' dictionary attack, for example, there is a good chance that it can be used on other sites.
Latest stories from Security
Related videos
Related articles
Related jobs
Poll
What will be the biggest change to corporate technology in the future?
TFL director of Games transport Mark Evers discusses how the public transport network is preparing for this summer's event
Connect with V3.co.uk
The wrong printers, for the wrong tasks on the wrong contracts
Who leads the BI pack and who should we be watching out for?
C#/Java/C++ Algorithmic Developer/Programmer Skill...
We are looking for a talented junior java web developer...
OO Developer/Programmer, Greenfield Trading Software...
C++ Developer - Core Technology - Low latency Real Time...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?
Password reuse
I work with many "Silver Surfers" who like to use the internet for all kinds of reasons. having to have many passwords is often a major problem. We know that keeping a hard copy is frowned on by banks. how do you sugest they remember them. I know that they will all have at least a very strong password. What more can i tell them.
Posted by: trevor Keeler 05 Feb 2010
Best practice to avoid weak passwords
This underlines the importance of differentiating the passwords you use between web sites, applications and devices. It also underlines the necessity to use passwords that are not obvious or simplistic, or follow obvious keyboard patterns. Using the same, easy username and password across everything is far from being a sensible practice, but we understand why people do it when faced with remembering and using a multitude of different usernames and passwords on a daily basis. Yet taking such a serious risk is not necessary. Technology is readily available, including Courion?s PasswordCourier, to automate and manage password creation, password changing and password reminders, so that legitimate individuals who forget a challenging password for a particular web site can get a reminder or new credentials without creating more work for the IT department. These automated solutions also help enforce best practice in creating and using strong passwords. As a bare minimum, individuals should follow these three steps, at work as well as at home, to ensure access remains secure and data remains safe: ? Set sensible passwords that pose a challenge ? Use different passwords for different sites and services ? Regularly change your passwords By following these steps, you can not only improve your personal and company data security by making it harder for opportunistic individuals to access your accounts, but also ensure that your exposure to the knock-on effects of a data breach is minimised.
Posted by: Stuart Hodkinson, General Manager, Courion 03 Feb 2010