Is it the end of the password as we know it?

Andrew Shikiar, Executive Director of the FIDO Alliance, calls time on the password and provides practical steps for those worried about their accounts.

A massive cache of 225 million stolen passwords was recently uncovered by the UK’s National Crime Agency (NCA). The NCA recovered the database from cyber-criminals who had collected real users' email addresses and passwords.

Andrew Shikiar, Executive Director of the FIDO Alliance, says the recent news has only cemented his company's belief that the world needs to get rid of the password problem. The FIDO Alliance is working in partnership with some of the world's biggest organisations, including Apple, Google and Microsoft, to rid the world of passwords.

“As 2021 nears its close, the news of these passwords from the NCA is yet another reminder that the primary tool used to secure accounts for billions of people worldwide (the password) is fundamentally flawed. Even a complex password can and eventually will be stolen and then find its way to the dark web – where hackers can purchase credential pairs for pennies and will then programmatically ‘stuff’ them into valuable accounts.

“The only way to stop this cycle is to break our dependence on passwords and other forms of knowledge-based authentication in favour of tools such as on-device biometrics and security keys – approaches that don’t require sending human-readable text to a server. One of the authentication highlights of 2021 was seeing Microsoft enable hundreds of millions of Microsoft Account users to get rid of their passwords – we’re looking forward to seeing more service providers following suit in 2022.

“In the interim, those concerned about their accounts being compromised in this latest security breach should check haveibeenpwned.com and immediately change their passwords on any other accounts that may share the same password. We urge service providers to immediately enable MFA - ideally possession-based approaches that are easier for consumers to leverage. Consumers should take advantage of passwordless authentication or two-factor authentication methods if offered by your online service providers, as these are the best approaches to protect your online accounts.”

 
