Is it the end of the password as we know it?
A massive cache of 225 million stolen passwords was recently uncovered by the UK’s National Crime Agency (NCA). The NCA recovered the database from cyber-criminals who had collected real users' email addresses and passwords.
Andrew Shikiar, Executive Director of the FIDO Alliance, says the recent news has only cemented his company's belief that the world needs to get rid of the password problem. Fido Alliance is working in partnership with some of the world's biggest organisations including Apple, Google and Microsoft to rid the world of passwords.
“As 2021 nears its close, the news of these passwords from the NCA is yet another reminder that the primary tool used to secure accounts for billions of people worldwide (the password) is fundamentally flawed. Even a complex password can and eventually will be stolen and then find its way to the dark web – where hackers can purchase credential pairs for pennies and will then programmatically ‘stuff’ them into valuable accounts.
"The only way to stop this cycle is to break our dependence on passwords and other forms of knowledge-based authentication in favoUr of tools such as on-device biometrics and security keys – approaches that don’t require sending human-readable text to a server. One of the authentication highlights of 2021 was seeing Microsoft enable hundreds of millions of Microsoft Account users to get rid of their passwords – we’re looking forward to seeing more service providers following suit in 2022.
“In the interim, those concerned about their accounts being compromised in this latest security breach should check haveibeenpwned.com and immediately change their passwords on any other accounts that may share the same password. We urge service providers to immediately enable MFA - ideally possession-based approaches that are easier for consumers to leverage. Consumers should take advantage of passwordless authentication or two-factor authentication methods if offered by your online service providers, as these are the best approaches to protect your online accounts.”