Charles Mok, Internet Society Hong Kong's founding chairman, agrees more awareness is needed: 'There's an apparent disconnect between Hong Kong people's high interest in using online and mobile payment methods with their low awareness and readiness to protect themselves against the potential risks.'

In short, we're burying our heads in the sand, though we seem to be more cautious when using our smartphones to make payments. More than two-thirds of respondents enjoy the convenience and efficiency of making transactions from a smartphone, but just one-fifth of people think that using a mobile phone to make payments is secure. What's more, only one in eight is willing to spend more than HK$500 using mobile payment.

What can save us from the hassle of remembering - and remembering to change - so many passwords? Technology is creeping into online banking; some banks have sent out card readers to customers that use existing chip-and-PIN information, while most of us will have received text messages and automated phone calls to authorise an online banking transaction.

'Most individual validation is based on something you have, something you know, and something you are,' says Robert Mackenzie, a partner in Business Technology and Consulting at accountancy firm Scott-Moncrieff. 'The first two are tried and tested ... but new solutions need to be cheap, more robust and more reliable.'

Shouldn't we be using fingerprint scanners, breath analysers, visual passwords or even face recognition technology on our computers and smartphones by now? The technology exists, but a lack of trust and a lack of standards is the reason we're not.

'Everyone has an inherent trust of fingerprints, from the past 50 years of crime movies,' says Mackenzie. 'But there is no easy way of guaranteeing the origin of the device or the software being used to check the fingerprints on the home device and linking this back to the bank's own security metrics.' In short, the software behind scanners can be hacked to reveal an individual's fingerprint, so the technology has never been commercially released.

Breath analysis is technically difficult and expensive, and the possibility of guessing visual passwords (you would touch various points on a picture of loved ones' face, for example) puts that idea out of the picture for financial institutions. Face recognition, however, could be on the cards. 'It seems to have the potential to be made more reliable, and there is good standardisation over cameras, picture and video imaging in the IT and telecoms industry,' says Mackenzie.

For now, however, we'll have to rely on passwords. Sorry, but they do need to be changed regularly - some say every 30 days, others six months - and should be different for each major website and account (prioritise your e-mail, banking and social media passwords, and make sure each is unique). Avoid obvious words or anything at all that could be guessed from your other data, such as Facebook page or e-mail sign off, and review the privacy settings on your social media pages so you know exactly who may access your personal contact information.

Surname and birth year? About 12 seconds to crack. The name of your pet? Even less. Try an eight-digit password with lots of numbers, symbols, upper and lowercase letters, as anything else takes just seconds for a hacking tool to work out.

How you pay online can also help. For all online purchases use a credit card that insures you against online fraud, a debit card tied to an account with limited funds in it, or PayPal. All protected by rock-like, ever-changing passwords, of course. Write them down and secure them if you have to.