A study has shown that internet users do few favors for themselves and re-use passwords for social networking sites on online banking sites too.
Trusteer sampled four million users of its browser security service - many of whom, it said are customers of the biggest North American banks.
Incredibly, many of them use their login credentials for online banking and other financial services to login to other sites on the internet.
An astonishing 73 percent of the people surveyed their banking password to login to other sites while nearly half just use the same password for both serious and recreational browsing.
The danger is, Trusteer says, is that the re-use of online banking credentials is exploited by crooks who find it easy to harvest the logins from webmail and some social network websites. Once they've got the passwords and usernames, the criminals start systematically trying to login to bank accounts to see if users are as dumb as they appear to be.
Amit Klein, the chief technology officer of Trusteer said: "Our findings show that consumers are not aware, or are choosing to ingore, the security implications of re-using their banking credentials on multiple websites."
Trusteer offers some guidelines for web surfers. You should keep at least three sets of credentials, one to be used only for financial websites, the second for nonfinancial websites that hold information about your identity and the third for non-sensitive websites.
It also has some advice for financial institutions - educate customers and set their risk engines to higher sensitivity.