Is it the end of the password as we know it?

Andrew Shikiar, Executive Director of the FIDO Alliance, calls time on the password and provides practical steps for those worried about their accounts.

A massive cache of 225 million stolen passwords was recently uncovered by the UK’s National Crime Agency (NCA). The NCA recovered the database from cyber-criminals who had collected real users' email addresses and passwords.

Andrew Shikiar, Executive Director of the FIDO Alliance, says the recent news has only cemented his company's belief that the world needs to get rid of the password problem. The FIDO Alliance is working in partnership with some of the world's biggest organisations, including Apple, Google and Microsoft, to rid the world of passwords.

“As 2021 nears its close, the news of these passwords from the NCA is yet another reminder that the primary tool used to secure accounts for billions of people worldwide (the password) is fundamentally flawed. Even a complex password can and eventually will be stolen and then find its way to the dark web – where hackers can purchase credential pairs for pennies and will then programmatically ‘stuff’ them into valuable accounts.

“The only way to stop this cycle is to break our dependence on passwords and other forms of knowledge-based authentication in favour of tools such as on-device biometrics and security keys – approaches that don’t require sending human-readable text to a server. One of the authentication highlights of 2021 was seeing Microsoft enable hundreds of millions of Microsoft Account users to get rid of their passwords – we’re looking forward to seeing more service providers following suit in 2022.

“In the interim, those concerned about their accounts being compromised in this latest security breach should check and immediately change their passwords on any other accounts that may share the same password. We urge service providers to immediately enable MFA - ideally possession-based approaches that are easier for consumers to leverage. Consumers should take advantage of passwordless authentication or two-factor authentication methods if offered by your online service providers, as these are the best approaches to protect your online accounts.”


