Most folks believe that when they logon to a https site their username and password are securely encrypted. Subscriber Michael Horowitz argues that this is not necessarily so and I fully agree with him. It’s an interesting read for computer users at all levels.
It is secure provided the login page is an https page.
Not what many do have you login on a normal http page where the data you input isn’t encrypted (and available) and then transmitted to a secure page once login checks have been carried out.
It also depends on what the levels of security check are, my bank has multiple levels, the first page is just http but you don’t enter all your login details here just a partial one, this is validated and if OK you are passed to an https page where you complete another level of checks. Only when this validates do you get into your account management.
Unfortunately many people haven’t got a clue about security so no matter what is introduced it is only as god as the weakest link, often the user. With lax security you could have a key logger on your system which would completely negate any on-line security, the same is true of phishing and social engineering scams, etc.
So a one step/level login is weaker than multi-level login/security, the same being true of your general system security.
It is a good article mind you, to make the average user more aware of security.
My bank, one of the largest in Canada, use https for its entire site, even for news, notices etc. before logging into an individual account. So it’s reasonable to assume they’re quite knowledgeable about what’s secure and what isn’t.