Automatic logins are leaving people vulnerable to hacking across multiple devices, according to security firm Intercede.
A survey by the firm revealed three-quarters of people leave themselves logged in to social media and email accounts on their mobiles, while around a quarter enabled similar features for mobile banking or PayPal.
Richard Parris, chief executive of Intercede, said: "Keeping your Facebook, Gmail, shopping and financial accounts automatically logged in might be convenient for consumers, but it's leaving the back door wide open to hackers.
"Consumers are more wary about clicking 'Remember me' when it comes to online banking and financial apps, but cyber criminals don't necessarily need access to your bank account or credit card details to commit identity theft."
Though half of those questioned used a PIN to access their phone, more than a quarter admitted knowing the login details to a mobile belonging to a friend, family member or colleague.
"[Passwords] are increasingly not fit for purpose," Parris added. "They do not offer proof of a person's identity and are easily lost, stolen or hacked, leaving consumers at risk of identity theft.