Is it the end of the password as we know it?

Andrew Shikiar, Executive Director of the FIDO Alliance, calls time on the password and provides practical steps for those worried about their accounts.

A massive cache of 225 million stolen passwords was recently uncovered by the UK’s National Crime Agency (NCA). The NCA recovered the database from cyber-criminals who had collected real users' email addresses and passwords.

Andrew Shikiar, Executive Director of the FIDO Alliance, says the recent news has only cemented his company's belief that the world needs to get rid of the password problem. The FIDO Alliance is working in partnership with some of the world's biggest organisations, including Apple, Google and Microsoft, to rid the world of passwords.

“As 2021 nears its close, the news of these passwords from the NCA is yet another reminder that the primary tool used to secure accounts for billions of people worldwide (the password) is fundamentally flawed. Even a complex password can and eventually will be stolen and then find its way to the dark web – where hackers can purchase credential pairs for pennies and will then programmatically ‘stuff’ them into valuable accounts.

“The only way to stop this cycle is to break our dependence on passwords and other forms of knowledge-based authentication in favour of tools such as on-device biometrics and security keys – approaches that don’t require sending human-readable text to a server. One of the authentication highlights of 2021 was seeing Microsoft enable hundreds of millions of Microsoft Account users to get rid of their passwords – we’re looking forward to seeing more service providers following suit in 2022.

“In the interim, those concerned about their accounts being compromised in this latest security breach should check haveibeenpwned.com and immediately change their passwords on any other accounts that may share the same password. We urge service providers to immediately enable MFA - ideally possession-based approaches that are easier for consumers to leverage. Consumers should take advantage of passwordless authentication or two-factor authentication methods if offered by your online service providers, as these are the best approaches to protect your online accounts.”

 
