Is it the end of the password as we know it?

Andrew Shikiar, Executive Director of the FIDO Alliance, calls time on the password and provides practical steps for those worried about their accounts.

A massive cache of 225 million stolen passwords was recently uncovered by the UK’s National Crime Agency (NCA). The NCA recovered the database from cyber-criminals who had collected real users' email addresses and passwords.

Andrew Shikiar, Executive Director of the FIDO Alliance, says the recent news has only cemented his company's belief that the world needs to get rid of the password problem. The FIDO Alliance is working in partnership with some of the world's biggest organisations, including Apple, Google and Microsoft, to rid the world of passwords.

“As 2021 nears its close, the news of these passwords from the NCA is yet another reminder that the primary tool used to secure accounts for billions of people worldwide (the password) is fundamentally flawed. Even a complex password can and eventually will be stolen and then find its way to the dark web – where hackers can purchase credential pairs for pennies and will then programmatically ‘stuff’ them into valuable accounts.

“The only way to stop this cycle is to break our dependence on passwords and other forms of knowledge-based authentication in favour of tools such as on-device biometrics and security keys – approaches that don’t require sending human-readable text to a server. One of the authentication highlights of 2021 was seeing Microsoft enable hundreds of millions of Microsoft Account users to get rid of their passwords – we’re looking forward to seeing more service providers following suit in 2022.

“In the interim, those concerned about their accounts being compromised in this latest security breach should check haveibeenpwned.com and immediately change their passwords on any other accounts that may share the same password. We urge service providers to immediately enable MFA - ideally possession-based approaches that are easier for consumers to leverage. Consumers should take advantage of passwordless authentication or two-factor authentication methods if offered by your online service providers, as these are the best approaches to protect your online accounts.”

 
