Experts Say It's High Time We Stop Relying on Passwords

The strongest of passwords and the most stringent of password policies aren't of much use when your online service provider leaks your credentials due to a misconfiguration in their servers. 

If you think such an eventuality would be a rarity, know that many of the biggest data leaks in 2021 were due to technical gotchas by the service providers. In fact, in December 2021, cybersecurity experts helped plug such a misconfiguration in an Amazon Web Services S3 bucket owned by Sega, which contained all kinds of sensitive information, including passwords.


"Password use should become obsolete, and we should look for different ways to log into accounts," CEO of security vendor Gurucul, Saryu Nayyar, told Lifewire via email.


The Problem With Passwords

In December, The Sun reported that the UK's National Crime Agency (NCA) supplied over 500 million passwords to the popular Have I Been Pwned (HIBP) service, which it had uncovered during an investigation. 


HIBP enables users to check if their passwords have been leaked in a breach and are prone to abuse by hackers. According to HIBP's founder, Troy Hunt, over 200 million of the passwords supplied by NCA didn't already exist in the database. 


"It points to the sheer size of the problem, the problem being passwords, an archaic method of proving one's bona fides. If there was ever a call to action to work towards eliminating passwords and finding alternatives, then this has to be it," Baber Amin, COO of digital identity experts Veridium, told Lifewire via email, in response to the NCA's recent contribution to HIBP.


Amin added that leaked credentials don't just compromise existing accounts, as hackers now use them with AI-based analytical tools to identify patterns of how an individual creates passwords. In essence, leaked credentials jeopardize the security of other non-compromised accounts as well.


Passwords and More

Advocating for a better protection mechanism than passwords, Nayyar suggests that users who have the option to set up multi-factor authentication on their accounts should do so. 


Ron Bradley, VP of Shared Assessments, a membership organization that helps develop best practices for third-party risk assurance, agrees. "Turn on multi-factor authentication everywhere possible, especially apps that move money."



Securing an account with a password alone is known as single-factor authentication. Multi-factor authentication, or MFA, builds on that by adding an extra step to the sign-in process that asks users for another piece of information. Many services, including several banks, implement MFA by sending a verification code to a user's mobile number registered with the bank.


However, this verification mechanism is vulnerable to what is known as a SIM swap attack, in which attackers take control of a target's mobile phone number by tricking the owner's carrier into reassigning the number to the attacker's SIM card.


While acknowledging such an attack that targeted some of its customers, T-Mobile said that SIM swap attacks have become a common and industry-wide occurrence.

Instead, a better option for enabling MFA is to use dedicated MFA apps such as Duo Security, Google Authenticator, Authy, and Microsoft Authenticator.


Password Sprawl

However, all the cybersecurity experts we spoke to cautioned that using MFA shouldn't be an excuse for not taking adequate steps to secure the passwords. 


"Be a part of the one-percenters that have no idea what their bank password is because it's too long and complex," advised Bradley.


He adds that users should consider investing in a password manager. There's no shortage of free password managers, and there's one built into your web browser as well. Experts suggest that a free password manager is better than not having one at all, but that users should exercise caution when using one.


While investigating a recent breach of one company's internal network, cybersecurity researchers from AhnLab discovered that the VPN account used to break into the company network was leaked from the PC of a remote-working employee.

This PC was infected with various malware, including one designed specifically to extract passwords from the password managers built into Chromium-based web browsers such as Google Chrome and Microsoft Edge. 


"Although the account credentials storing feature of browsers is very convenient, as there is a risk of leakage of account credentials upon malware infection, users are recommended to refrain from using it," warn the AhnLab researchers.
