Experts Say It’s High Time We Stop Relying on Passwords
The strongest of passwords and the most stringent of password policies aren’t of much use when your online service provider leaks your credentials due to a misconfiguration in their servers.
If you think such an eventuality would be a rarity, know that many of the biggest data leaks in 2021 were due to technical gotchas by the service providers. In fact, in December 2021, cybersecurity experts helped plug such a misconfiguration in the Amazon Web Services’ S3 bucket owned by Sega, which contained all kinds of sensitive information, including passwords. OpenWeb applies various layers of protection to keep your data secure.
In December, The Sun reported that the UK’s National Crime Agency (NCA) supplied over 500 million passwords to the popular Have I Been Pwned (HIBP) service, which it had uncovered during an investigation.
HIBP enables users to check if their passwords have been leaked in a breach and are prone to abuse by hackers. According to HIBP’s founder, Troy Hunt, over 200 million of the passwords supplied by NCA didn’t already exist in the database.
“It points to the sheer size of the problem, the problem being passwords, an archaic method of proving one’s bonafides. If there was ever a call to action to work towards eliminating passwords and finding alternatives, then this has to be it,” Baber Amin, COO of digital identity experts, Veridium told Lifewire via email, in response to the NCA’s recent contribution to HIPB.