Despite predictions on the death of passwords…it gets its own day of celebration
World Password Day came and went on its annual celebration day, the first Thursday of May.
Although Bill Gates predicted the death of passwords more than a decade ago, Microsoft ended up releasing an identity management solution to help companies overcome their password issues.
Experts have been trying to kill passwords with biometrics and other complicated authentication techniques, but passwords remain one of the most affordable, easy, and secure methods of authentication around the globe.
Security vendor Bullguard said in a blog that World Password Day is a 24-hour warning to take care of your passwords because they’re vital to your digital protection.
“However, judging by some of the passwords in use it’s fair to say the message isn’t getting through to lots of people,” wrote the vendor.
For a sense of scale, something like 10,000 of the most common passwords allow access to 98 per cent of all accounts. In other words, most people are using the same passwords, and many for years at a time.
According to Bullguard:
- Only last year a single seller offered 617 million online account details stolen from 16 hacked websites including passwords.
- Only a few weeks ago more than 500,000 Zoom accounts and passwords were discovered for sale on the dark web and in hacker forums.
- Industry analysts reckon that in total there is something close to 9.5 billion passwords and 10.5 billion email accounts for sale on the dark web.
The security vendor wrote that the dark web is a part of the internet hidden from most users and search engines.
“Criminals and identity thieves buy and sell stolen passwords and personal information on the dark web and if your passwords and personal information have ever been lifted in a data heist you need look no further than this submerged repository of stolen stuff.”
Bullguard says the majority are used in credential stuffing attacks, which are still a form of identity theft.
“The attackers are hoping to break into an account either to access payment card details or to make fraudulent purchases,” wrote Bullguard.
“In a credential stuffing attack, a hacker loads up a database with as many usernames and passwords as he or she can get their hands on.”
According to Bullguard, these login credentials are fed into an automated hacking tool that blitzes a website.
“People rarely use completely random passwords they can often and easily access accounts. It’s a bit like a key ring, the more keys there are the more likely it is that an attacker will find one that unlocks your account.”
Brett Beranek, vice-president and general manager, Security and Biometrics at Nuance, said the security vendor has witnessed a significant rise in the volume of fraud attacks – ranging from “200 per cent – 400 per cent” in the past few weeks, depending on industry.
“From social engineering to email phishing and the creation of bogus websites, fraudsters are taking advantage of any lowered defences during the COVID-19 pandemic — pressing on the security of traditional knowledge-based PINs and passwords,” he said. “With online activity skyrocketing and organisations tasked with supporting remote workers without compromising security, the role of biometrics has become paramount.”
Beranek said this year’s World Password Day should be a call for caution, as fraudsters test vulnerabilities in organisations’ new digital operating models and look to take advantage of fearful consumers.
“But it must also be a moment to recognise that with uncertainty often comes innovation and that innovation could be what redefines how we are protected in the future,” he said.
Simon Marchand, chief fraud prevention officer, Security and Biometrics at Nuance, said that as consumers react to the growing volume of fraudulent activity – especially around the coronavirus – they will demand better protection from the companies with whom they do business.
“Many will even start to take matters into their own hands – moving away from services that rely on archaic methods, such as passwords, to safeguard their data and toward more innovative approaches like biometrics,” he said.
Balancing consumer convenience and ease of access with strong security measures is a balancing act organisations must perform on an ongoing basis, and that continues to ring true today.
“With more consumers using digital channels to do business, they expect a certain level of security but also do not want to be frustrated by the process,” he said. “Passwords not only cause consumer frustration, but they are also inherently insecure, and this World Password Day it’s time to change how we think about authentication.”