2021 was (sadly) the year for hackers– from the continuous rise of ransomware to new phishing scams creeping onto the scene. It has only just been revealed a record-breaking 17 million customer accounts were stolen by hackers from 17 companies, as a critical consequence from credential stuffing attacks.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>Credential stuffing attacks like this one can easily be avoided with passwordless authentication technologies. Passwords offer weak security and are an outdated form of authentication. This shared secret method makes it too easy for a malicious party to guess, steal, or socially engineer their way into a network to access sensitive data. </p>
<p>Passwordless authentication is a highly secure alternative. Enterprises should implement next-generation identity management with Public Key Infrastructure (PKI)-based authentication. Digital certificates work behind the scenes via a much stronger form of secret: A cryptographic key pair consisting of a public key and a private key — to ensure that sensitive information stays private and locked away from bad actors. Enterprises today can’t continue relying on pre-pandemic cybersecurity approaches. Strong digital identity security centered around passwordless authentication is key.</p>