Why World Password Day should be the last


Why passwords are more fallible security than ever, and how users can protect themselves against phishing attacks.

As the Internet continues to grow globally and emerging technologies like AI become increasingly important, the scope and sophistication of cyberattacks increase along with them. As a result, traditional usernames and passwords are no longer sufficient to ensure security, yet they remain one of the most widely used forms of authentication globally. What makes their continued use surprising is that they are widely criticized, both by users and cybersecurity professionals.

In some cases, users tend to choose weak passwords or reuse them across multiple accounts, increasing the risk of data compromise in the event of a successful cyberattack. In other cases, passwords are complex and updated more regularly, as good practice recommends, but they then place greater demands on users’ memory and therefore have a direct and negative impact on their experience, or even lead to poor security practices, such as writing them down on a Post-it note.

Phishing attacks, in which cybercriminals attempt to steal credentials by tricking their target or through social engineering, are the starting point for many cyberattacks. Once a password is compromised, bad actors can successfully bypass many forms of multi-factor authentication (MFA) like one-time codes (OTPs) sent via SMS. Reliable protection against modern cyberattacks therefore requires modern, phishing-resistant multi-factor authentication. Hardware security keys are one of the ways to effectively combat cyber threats today, as they provide users with an extra layer of security by requiring physical possession of the device to access online accounts, making the task considerably more difficult for cybercriminals.

The transition that users must make to modernize their authentication solutions and move towards a passwordless world is now possible, facilitated by devices compatible with modern and advanced protocols, such as FIDO2 or WebAuthn. These two standards allow authentication without passwords via biometrics, a mobile device or even security keys, ensuring a maximum level of security. With billions of stolen credentials now available on the Dark Web and cybercriminals launching automated login attempts using compromised passwords, it’s time to put an end to these real vectors of vulnerability once and for all, and to evolve security practices.
