SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware
Search
Story image
#
Passwordless
#
Cybersecurity
#
Cyber attacks

Tech experts urge passwordless protection on World Password Day

Wed, 1st May 2024
Author image
By Sean Mitchell, Publisher

In reflection of World Password Day (May 2), prominent voices in the tech industry stress the need for advanced security protocols to mitigate the continually growing threat of cyber attacks. One of these voices is Stuart Wells, Chief Technology Officer at Jumio. Known globally for its state-of-the-art identity verification system, Jumio employs AI-powered biometrics to safeguard customers' online activities.

Wells draws attention to the unanticipated drawback of the recent 'push-bombing' attack on Apple users. Customers were targeted with a slew of counterfeit password reset notifications, with those who declined the requests receiving purported calls from Apple Support. Phishers, utilising openly accessible information and manipulating social engineering tactics, hoodwinked users to disclose SMS-based one-time passwords. This enabled the perpetrators to alter account passwords and erase users' Apple devices remotely.

Against this backdrop, Wells comments, "World Password Day reminds us of the critical vulnerabilities of relying solely on password-based authentication. Passwords are easily guessed, cracked and reused across multiple accounts, making them a prime target for cybercriminals." He adds that the long-employed authentication practices, such as knowledge-based authentication (KBA) and SMS-based two-factor authentication (2FA), struggle to counter the escalating sophistication of attacks.

The solution, according to Wells, is adopting "more robust and reliable methods of passwordless authentication". He posits that biometric authentication delivers a more secure and intuitive experience, subsequently minimising the effect of hacks and internet fraud. Notably, smartphone users are no strangers to biometric authentication, making it easier for businesses to introduce and integrate passwordless authentication alternatives. "Using biometrics at account creation and on an ongoing basis not only offers better protection against account takeover fraud but also eliminates the need to remember complex passwords and initiate password resets, which we all find annoying," explains Wells. Furthermore, Wells emphasises that adopting such an approach curbs password sharing - an overlooked factor contributing to data breaches and account compromise.

Wells wants to drive home the crucial need for fundamental change, stating, "In an age of AI-assisted cyberattacks, World Password Day needs to become World Passwordless Day. The password has outlived its usefulness, and we need stronger ways of protecting ourselves online." His comments underline the importance of acknowledging the colossal threats posed by current cybersecurity methods and taking swift action to deploy advanced, more dependable methods of online protection.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Logicalis becomes first global partner for Cisco MXDR
UK API security incidents rise to 83% in 2024 report
Rubrik collaborates with Red Hat for OpenShift support
Bitdefender releases decryptor tool for ShrinkLocker
UK businesses increasingly outsourcing cybersecurity
Top stories
Cequence Security launches comprehensive API security services
Dbvisit & CYBERTEC team up to boost PostgreSQL services
Exclusive Networks partners with Druva for SaaS data protection
UK SMEs fear cybersecurity risks in remote working era
Vanquis Bank adopts SAS Viya on Azure for better analytics