Security technology keeps up, but organizations are unwilling to implement more security because it almost always spells reduced convenience. It is well-known that security/convenience are tradeoffs. You cannot often have both at once. So your bank, in order to make it convenient for you to log in, gives everyone reusable passwords, even though their IT professionals would never log into their intranet servers over an unencrypted connection without two-factor authentication and all the trappings. You see, their own internal data is more important to them than your money as a consumer. It’s a sad fact of life. It doesn’t seem that people learn from massive hack attacks like this. They should be learning that reusable passwords are passé, and if they only knew there was something better out there, they would be demanding it.
I have a friend who works at Valve Software, you know, the guys who make the Steam MMOG client? It is often said among my friends that Steam has better user account security than most banks. Steam offers two-factor auth. They have for a long time. They realize that gamers are serious power users, and they recognize that often gamers invest a lot in their electronic assets. So they properly protect them and give their audience the extra security necessary to do it. There are a lot more companies that should be following this lead, but are not. It’s quite sad for me to see.