Posted on July 22, 2022 at 5:07 AM
A recent report from cyber security firm ForgeRock revealed that threat actors stole more than 2 billion passwords in 2021 from various data leaks in cyberspace.
The firm’s fourth annual breach report shows that apart from passwords, hackers have also exfiltrated other forms of data. These include names, date of birth, addresses, banking details, social security numbers, and protected health information (PHI), as well as
The 2 billion passwords stolen last year represent a 35% increase from the figure in 2020, according to the report.
In many instances, the threat actors take the stolen data to the dark net and offer it for sale there. Although the passwords are not expensive to buy on these forums, they give other hackers an avenue to explore loopholes in future attacks. Hackers can use the initially stolen details for ransomware attacks, identity theft, and other forms of attack.
More Than 15 Billion Passwords Were Available For Sale In 2020
In 2020, the same report claims that there were more than 15 billion passwords available for sale on the dark web. This means that hackers are becoming more successful in stealing passwords.
Chief Executive Officer of ForgeRock, Fran Rosch, stated that the weakest links that hackers use to penetrate are usernames and passwords. The present situation in the online space has passed the point where a simple password can guarantee protection. These days, there are several password-cracking methods and tools that are used to steal sensitive information once the password has been exposed.
Attackers also know this, which is why the number of stolen passwords has increased in recent times. As a result, a lot of attention is being given to passwordless authentication, which is spurred by the FIDO2 WebAuthn standard.
ForgeRock thinks the future is passwordless, as there are now more biometric solutions such as fingerprint scanners and facial recognition software. With these tools, it will be more difficult for threat actors to gain control of a user’s account remotely. But at the moment, the majority of systems and websites still demand usernames and passwords for access. However, many have deployed other authentication methods to limit users’ exposure to hacking incidents.
Now, more organizations are adding multi-factor authentication as the best method of protecting online accounts. With this approach, hackers who succeed in stealing passwords will still not have access to the target’s system without passing through the authentication prompt.
The Passwordless Authentication Market Is Growing
ForgeRock believes that the passwordless authentication market will grow to over $53 billion by 2030 from the $12.79 billion last year. Many organizations are still reliant on password systems to protect accounts, despite their numerous flaws.
Normally, a strong password can offer a high level of protection against attempts by hackers, but the majority of users' passwords are weak. This allows hackers to try combinations that could crack the passwords, and many of them succeed.
Security researchers have always stressed the need for users to have a strong combination of letters, numbers, and symbols when setting up their passwords. That way, threat actors will find the passwords very difficult to crack, even with password-cracking software.
For many users, it is stressful to use a strong password with so many characters that it may be forgotten, especially for those keeping multiple accounts. As a result, many of them prefer simple passwords that they can easily remember. But password managers have made the job easier. Several password management tools can be used to store different passwords, allowing the user to retrieve them easily whenever they are needed.
But ForgeRock has reiterated that a voice recognition system or fingerprinting system is the best way for users to protect their accounts. This security method is not yet widely available, but the firm believes that it will be used more frequently in the future. This will prevent many of the password leaks and data thefts that have become normal at present.
Meanwhile, the level of credential theft has increased during the COVID-19 pandemic. The situation gave hackers more momentum and a desire to steal data from unsuspecting victims. Many employees were forced to work from home, and hackers used various tactics to lure them into releasing details of their accounts. The number of exposed passwords keeps growing every day, and security researchers have advised users to deploy more authentication measures to keep their systems and data protected.