When it comes to safeguarding personal information online, many people leave their virtual keys in the front door. Research from internet security firm Webroot, uncovers common password practices that are putting consumers’ identities and their wallets at risk.

In a survey of more than 2,500 individuals across the US, UK and Australia, the most commonly used password-protected sites among consumers are banks (88%), personal email accounts (86%), and Facebook (72%) – all of which are rife with sensitive information.

Among the findings:
- Four in 10 respondents shared passwords with at least one person in the past year.
- Nearly as many people use the same password to log into multiple websites, which could expose their information on each of the sites if one of them is compromised.
- Almost half of all users never use special characters, such as ! ? & # in their passwords, which would make it more difficult for criminals to guess passwords.
- Two in 10 have used a significant date or a pet’s name as a password – information that’s often publicly visible on social networks.

“We’re seeing between 40,000 to 100,000 new samples of malware emerge daily and in most of those cases the motivation behind the malware is financial,” said Jeff Horne, Director of Threat Research at Webroot.

“In fact, earlier this month Zbot, a Trojan known to steal passwords, led to the loss of $70m from its victims. Using good password and security practices will help thwart similar attacks: Make a common practice to never store your password in a browser or FTP site, and have reputable, up-to-date antimalware protection in place.”

What Can You Do?
Make Your Password Unique: As a critical line of defence, choose passwords wisely. Incorporate numbers, letters and special characters such as !, $, /, and * to strengthen your password. Form a password using letters, numbers and figures in a memorable sentence.

Use one password for one site: Once you've created a unique password, use it only for one website or one service. If you use the same password everywhere, you open up a gateway to the information stored on each of your password-protected sites if one of them is compromised. In addition, don’t write down passwords and store them for your own recall on a notepad or in a Word document, both of which leaves them vulnerable to prying eyes. For help, use a password management tool.

Not sharing is caring: Never share any password with anyone - not your boss, your best friend, your cousin, your significant other or your spouse. Once a password is out of your control, you don't know how it will be used. If you’ve shared a password, to regain control of your account change the password.

Change your passwords periodically: Change the passwords you use most frequently, and never keep the same password on any account for more than a year even if you rarely use the site. For help, a good password manager feature will remind you when it's time to switch it up.

Say no when browsers offer to save your password: Website browsers such as Firefox and Internet Explorer have a feature which lets users save passwords for later use. The most widely distributed password stealing Trojans, including Zbot and SpyEye, know where to look and how to steal that information if you get infected. This also applies if you use an FTP client.

Any account can be valuable to a criminal: Criminals use other people's identities for many purposes other than draining your bank account. Any old, unused free account on a message board, webmail service, or social network can be hijacked for fraud. When you plan to quit a service or forum, change your password so criminals can't use your account for clickfraud, black hat SEO, or to try to convince your friends and family that you're stuck far from home and need a wire transfer to return.