Thursday, June 01, 2006

But everyone else does it!

This is apparently one of the excuses some banks are using to explain why they aren't using SSL and HTTPS to secure communications via their online customer access websites. And even some of those who do use encryption don't make any attempt to authenticate the client-server connection. Without the authentication process, the fact that communications are encrypted means almost nothing. More on this here.

These are BANKS we're talking about here. The same organizations that you entrust to safeguard your money, and some of them aren't lifting a finger to secure communications to prevent fraud. If their response is "but it'll cost too much" or some other nonsense, then we can discuss this further. But when they say the below, something is seriously wrong.

Signing on to secure sites from an unsecure page is a common industry practice, and not unique to Navy Federal. You may see this same functionality at other Web sites.

They're like ignorant children. Do we really need to re-quote the "just because everyone else jumps off a cliff sans-parachute doesn't mean it's a great idea" story to these "professionals"? I don't know about you, but I'd rather have conscious professionals guarding my finances instead of the lemmings some of these people seem to be.

