Originally Posted by Geordie405
I have to agree with SarahWest on this. It is basic network security 101 that you should use complex, random, unique passwords and, where possible, leverage MFA. Using separate e-mail addresses for each site is an added layer of security but not everyone has their own domain nor, perhaps, the time or inclination to set up a separate e-mail address for every online vendor. By using a unique password you avoid the situation where a username / password combination harvested from a breach at one site (or guessed - people still continue to use simple, easy to guess passwords) can be used across multiple sites. If I use the same username / password combination across multiple sites then I have only myself to blame for the consequential loss. The hacking of the first site may be outside of my control but the use of the same username / password subsequent to that is, in my view at least, all down to me.
I agree 100% that these precautions need to be taken. Apart from strong passwords and separate emails for different sites, specific devices are to be used exclusively for Banking and financial activities and not for browsing online so that those are recognized by the security architecture. I don't trust the password manager sites as those could be breached too and will then give up *every one* of the site/password combinations stored in them.
My point was that we can't expect ALL people to be so technologically aware. There will be some who are not able to do so for various reasons e.g. time constraints, medical conditions, maturity etc. That should not result in their getting blamed for a breach they didn't initiate.