Tag: Credentials Enterprise

Google 2FA Breach: Rethink Authentication Security

Posted on by Srishti Chaubey

In today’s digital landscape, safeguarding our online presence is paramount. Two-factor authentication (2FA) has emerged as a crucial tool in this endeavour. Platforms like Google and Facebook offer 2FA to bolster account security. However, there have been multiple incidents revealing vulnerabilities in this system, prompting concerns among users.

The Case of the Bypassed 2FA

Recent reports unveiled breaches in Gmail and YouTube accounts despite 2FA activation. This revelation underscores a fundamental truth: security with passwords, along with 2FA or MFA is fallible. Hackers continuously adapt their tactics, exploiting weaknesses even in trusted systems like 2FA.

Credit : Forbes

Understanding the Bypass

While the exact method remains undisclosed, hackers may employ various strategies to circumvent 2FA. According to Forbes, It’s probable that these users fell prey to what’s known as a session cookie hijack attack. Typically initiated through a phishing email, hackers direct victims to a counterfeit login page. Upon entering their credentials, users are prompted to complete a simulated 2FA challenge, which they unwittingly comply with.

The Role of Vigilance

Despite these challenges, I would personally suggest moving away from systems that solely rely on 2FA for authentication. But in the extreme case where abandoning 2FA is not the solution, users must adopt additional measures to enhance their security posture.

Secure Alternative to 2FA/MFA

As we have seen numerous instance of 2FA & MFA getting by passed, enterprises need better methods to secure access to their resources. PureAUTH Secure IAM platform provides Zero Trust -Passwordless access and protects enterprises from following type of attacks

  1. Password Spraying & brute forcing attacks
  2. Credential Phishing, Push fatigue and Adversary in the middle attacks
  3. Public Key replacement attacks targeted at solutions using Public Key based authentication like FIDO keys
  4. Social Engineering attacks to reset user credentials and reset or disable MFA/2FA
  5. Abuse of shared credentials or leaked credentials and in general credential stuffing attacks

Elevating Security: Going Beyond 2FA

Security is an ongoing journey, requiring a multifaceted approach. While the challenges of bypassing 2FA are evident, there’s a growing trend towards passwordless authentication methods. Embracing secure identity and access management technologies, adopting a zero-trust architecture are some promising alternatives. By adapting these alternatives and staying vigilant, users can reinforce their online security against the ever-evolving tactics of cyber criminals.

PureID offers solutions that curate a robust defence against unauthorised access, heralding a more secure digital future for organizations. Embrace the resilience of passwordless authentication, reinforce your security posture with PureID, and navigate the cybersecurity landscape with renewed strength. The journey continues—Passwordless Authentication awaits.

Read Also

Breach Chronicles: MongoDB’s Unsettling Security Saga Unfolds

GitHub: Millions of Secrets Exposed

Posted on by Srishti Chaubey

Introduction

In 2023, developers inadvertently leaked a staggering 12.8 million secrets on public GitHub repositories, marking a concerning 28% increase from the previous year. This revelation underscores the security challenge faced by GitHub, as highlighted in a recent report by GitGuardian, a leading security vendor in the software development realm.

Persistent Security Gap

Despite the alarming number of leaked secrets, GitGuardian found that a staggering 90% of these exposed secrets remained active even five days after the initial leakage. Shockingly, only a mere 2.6% were revoked within one hour of receiving notification via email.

The Threat of Malicious Repository Forks

The report adds to the ongoing security challenges faced by GitHub. Since mid-2023, attackers have exploited GitHub’s ecosystem, employing sophisticated tactics to infiltrate legitimate repositories and spread malware. These incidents serve as a reminder of the ongoing challenges in securing the software supply chain.

Commonly Leaked Secrets

The most commonly leaked secrets included Google API keys, MongoDB credentials, OpenWeatherMap tokens, Telegram Bot tokens, Google Cloud keys, and AWS IAM. These leaked credentials could potentially grant unauthorised access to sensitive enterprise resources, posing a significant threat to organisational security.

Growing Popularity of AI Services

GitGuardian’s report also shed light on the growing popularity of AI services, with a notable increase in leaks of OpenAI API keys and HuggingFace user access tokens. These findings underscore the need for heightened security measures in the rapidly evolving landscape of artificial intelligence.

Sectoral Impact

The IT sector emerged as the worst offender, accounting for 65.9% of the total leaked secrets, followed by education, science & technology, retail, manufacturing, and finance and insurance.

Credit: GitGuardian.com


It’s concerning to see India leading the charge in secret leaks, underscoring the necessity of bolstering security practices in CI/CD pipelines. This serves as a reminder of the critical need for enhanced vigilance in safeguarding sensitive data.

Call to Action

GitGuardian urged organisations to not only detect but also remediate these leaks effectively. While detection is crucial, remediation efforts are equally essential in mitigating the risks associated with leaked secrets. Additionally, organisations can enhance their security posture by leveraging advanced authentication frameworks such as PureAUTH’s CASPR module.

This module ensures codebase integrity with cryptographic verification. By implementing robust security measures and utilising advanced authentication solutions, organisations can better safeguard their data.

Conclusion

In conclusion, the findings from GitGuardian’s report underscore the pressing need for organisations to prioritise security measures to safeguard sensitive data and prevent unauthorised access to critical resources. The threat posed by millions of malicious repository forks since mid-2023 further highlights the importance of bolstering GitHub’s security infrastructure. By adopting advanced authentication frameworks such as CASPR, organisations can bolster their defences against security threats and ensure the integrity of their codebase.

PureID helps enter prises to remove secrets like passwords, static keys, access tokens with its passwordless technology. By adopting it’s other  advanced authentication frameworks such as ZITA – Just-In-Time-Access & CASPR code-commit protection, organisations can bolster their defences against security threats and ensure the integrity of their codebase.

American Express Warns Customers of Third-Party Data Breach

Posted on by Srishti Chaubey

Introduction

American Express (Amex) has disclosed a potential data breach, affecting some of its credit card holders. The breach, originating from a third-party service provider, has raised concerns about the security of cardholder information.

Timeline

  • March 4, 2024: Breach Notification:
    • American Express files a breach notification letter with the Massachusetts State Attorney General’s Office as a precautionary measure.
    • The breach is attributed to a point-of-sale attack at a merchant processor, not directly involving American Express or its service providers.
  • March 5, 2024: Public Disclosure:
    • Details of the breach are publicly disclosed by American Express, acknowledging the potential compromise of cardholder names, account numbers, and expiration dates.
    • American Express reassures card members and emphasises its robust monitoring systems.
Screenshot of American Express Breach Notice

Details of the Breach

Incident Overview:

  • The breach occurred due to a point-of-sale attack at a merchant processor, not directly involving American Express or its service providers.

Affected Information:

  • Account information potentially compromised includes cardholder names, American Express card account numbers, and expiration dates.
  • Both active and previously issued credit card account numbers may have been impacted.

Customer Perspective

Customer Liability:

  • American Express assures its card members that they won’t be liable for fraudulent charges on their accounts.
  • The company emphasises its sophisticated monitoring systems to detect and address any suspicious activity promptly.

Recommendations for Customers:

  • Customers should regularly review and monitor their account activity.
  • American Express recommends Free fraud and account activity alerts via email, SMS text messaging, and app notifications for added protection.

Industry Perspective

Accountability of Third-Party Service Providers:

  • Cyber security experts such as Liat Hayun, CEO and co-founder of Eureka Security, stress the importance of holding third-party service providers accountable for data security.
  • Recent incidents, like the Bank of America breach with Infosys McCamish Systems, highlight the persistent challenge of third-party vulnerabilities.
  • With breaches attributed to groups like LockBit ransomware, there’s a pressing need to fortify security measures.
  • Previous breaches, such as Bank of America’s exposure via Ernst & Young, emphasise the necessity of securing access points to sensitive data.

Conclusion

The American Express data breach serves as a reminder of the ongoing cybersecurity challenges faced by financial institutions and the imperative need for proactive security measures. Using and Managing passwords also costs a lot. The easiest solution of this unavoidable situation is adopting passwordless solutions for Identity and Access Management (IAM). Password-based authentication methods are increasingly vulnerable to cyber threats.  Embracing advanced authentication mechanisms can mitigate unauthorised access risks and safeguard sensitive information.

Securing Cloud Environments: Lessons from the Microsoft Azure Breach

Posted on by Srishti Chaubey

Introduction

In the wake of the recent Microsoft Azure breach, it has become increasingly evident that organizations must prioritise enhancing their security posture to mitigate the risk of similar incidents in the future. This breach, attributed to compromised passwords & MFA manipulation, underscores the critical importance of implementing passwordless authentication solutions to strengthen overall security.

The Breach

The breach unfolded through a series of sophisticated maneuvers executed by cyber criminals to exploit weaknesses in Azure’s security framework. Initially, phishing emails targeted mid and senior-level executives, enticing them into disclosing their login credentials unwittingly. 

Armed with these credentials, attackers gained unauthorised access to Azure accounts, despite the presence of multi-factor authentication (MFA). By circumventing MFA and substituting victims’ MFA settings with their own, attackers maintained undetected access to Azure resources. 

They further obscured their identities using proxies, evading detection while seizing control of sensitive data and cloud resources.

This helps attackers bypass any poorly designed adaptive authentication solution relying on IP based access restriction or re-authentication.

How Microsoft Azure was Breached

The Lessons

  1. Phishing: Implement Phishing-Resistant Authentication Methods
    • Organisations must adopt phishing-resistant authentication methods to combat prevalent phishing attacks. Staff training alone may not suffice, necessitating solutions that minimise the risk of credential theft.
  2. Credential Theft: Go Passwordless
    • Enhanced credential security with multi-factor authentication is insufficient. Robust password management practices and adaptive MFA solutions have been and will continue to be breached unless you eliminate credentials altogether. Passwordless solutions are the optimal choice for enterprises, as they have been for quiet some time now. Both enterprises and individuals must recognise and adopt it as a standard practice.
  3. MFA Replacement: Implement Continuous Monitoring and Anomaly Detection
    • When you’re using credentials, it’s crucial to keep an eye on them. Continuous monitoring and anomaly detection play a vital role here. They help spot any unauthorised changes in MFA settings promptly, preventing any further access.
  4. Masking Location Using Proxies: Strengthen Adaptive Authentication Checks
    • Strengthening adaptive authentication checks is vital to detect suspicious activities like masked locations. Geo-location based authentication or behavioural biometrics can enhance authentication accuracy.
  5. Cloud Account Takeover: Implement Zero Trust Security Architecture
    • Implementing a Zero-trust security model is crucial to verify every access request, regardless of source or location. Granular access controls and continuous monitoring can mitigate the impact of cloud account takeovers.

Moving Forward

In the aftermath of this breach, organizations must prioritise fortifying their security posture to prevent similar incidents. While passwordless authentication solutions offer promising alternatives, organizations should also concentrate on strengthening existing security protocols, conducting regular security audits, and enhancing employee awareness to mitigate future threats effectively.

Conclusion

The breach of Microsoft Azure serves as a stark reminder of the imperative for proactive cybersecurity measures in safeguarding sensitive data and mitigating the risk of unauthorised access. 

By embracing passwordless authentication solutions and implementing a holistic security strategy, organizations can enhance their resilience against evolving cyber threats and safeguard their invaluable assets effectively.

Mother of all breaches: Which you could have avoided !!

Posted on by Srishti Chaubey

Introduction

Don’t use passwords they said. It can be breached they said. Well, surprise, surprise, we didn’t pay much attention. Now, here we are, nervously checking our email IDs against the colossal 26 billion-record breach – the mother of all breaches!

Breach Unveiled: A Symphony of Chaos

So, there’s this massive breach, Mother of All Breaches (MOAB), a digital pandemonium that has exposed a whopping 26 billion records. It’s like a digital opera – records from MySpace to Adobe, starring Tencent, Weibo, Twitter, and LinkedIn. Your data just had its grand debut!

Mother of all breaches: 100M+ leaked records
Credit: https://www.extremetech.com/internet/repository-named-moab-mother-of-all-breaches-contains-12tb-of-stolen-credentials

The Dramatic Unfolding

Picture this: MOAB is a blockbuster compilation of data breaches, meticulously curated. It’s like a Hollywood blockbuster, but your credentials are the star, and not in a good way. Your once-secure passwords are now part of a hacker’s treasure trove. Slow clap for the password drama.

Passwords – The Ultimate Blunder

If  Ellen DeGeneres hosted this show, she’d say, “You had one job – say no to passwords!” See the aftermath? Identity theft, phishing attacks, and a surge in password-stuffing shenanigans. All thanks to those outdated, reused, and easy-to-crack passwords.

Passwordless Paradise: Where Dreams Come True

Now, imagine an alternate universe where you actually listened – where passwordless authentication is the superhero. No MOAB nightmares, just smooth, secure logins without the hassle of juggling countless passwords. A utopia, right?

Mitigation Party: Reclaim Your Digital Kingdom

Inspect Your Vulnerability: Employ tools such as “Have I Been Pwned” and data leak checker. data leak checker. Use “Privacy Hawk” to trace your data’s path and request removal from unwanted websites. Move swiftly: Purge your digital footprint by eliminating your data from irrelevant websites.

Conclusion: Lessons Learned (Hopefully)

In an ideal world, you’d have embraced passwordless authentication, and we’d all be sipping digital margaritas by now. But, alas, here we are – dealing with the aftermath. Take this as a digital wake-up call: passwords belong to the past, let’s march into a passwordless future.

A Final Plea: Break Free from Passwords

Passwords are so yesterday!! The revolution is calling – will you answer? Join the passwordless parade; your digital sanity will thank you later. Use PureId, Stay Safe.

Microsoft Reveals Russian Hack: Executives’ Emails Compromised

Posted on by Srishti Chaubey

Introduction

In a recent disclosure, Microsoft unveils the details of a sophisticated cyber breach by Russian state-sponsored hackers. The breach, detected on January 12, sheds light on the tactics of the notorious hacking group, Midnight Blizzard, also known as APT29 or Cozy Bear.

Breach Overview: Understanding the Intrusion

In November 2023, Midnight Blizzard initiated a password spray attack. They compromised a legacy non-production test tenant account, gaining access to limited Microsoft email accounts.

Compromised Accounts: Impact on Corporate Email Security

The aftermath reveals that a select group fell victim, including members of Microsoft’s senior leadership team and employees in crucial functions such as cybersecurity and legal. The attackers exfiltrated emails and attached documents, putting sensitive information at risk.

Attribution and Interest: Identifying the Culprits

Microsoft’s threat research team attributed the breach to APT29, emphasising the group’s specific interest in Microsoft’s knowledge of their operations. This marks Midnight Blizzard’s return after their infamous 2020 cyberattack on SolarWinds.


Highlighting the Key Issue: Addressing Problems with Passwords

The breach underscores the vulnerability posed by traditional password systems. The password spray attack exploited weak passwords, showcasing the critical need for organizations to evolve towards passwordless solutions to enforce security.

Risk Mitigation: Addressing Future Threats

Microsoft, quick to respond, is now advocating for the adoption of passwordless solutions as a preventive measure against such breaches. The urgency to reassess and enhance cybersecurity measures has never been more evident.

Immediate Response: Microsoft’s Swift Action

In response to the breach, Microsoft has promptly applied enhanced security standards to its legacy systems and internal business processes. This immediate action aims to sabotage potential follow-up attacks and protect against further unauthorised access.

Ongoing Investigation: Collaborating with Authorities

The investigation is ongoing, with Microsoft actively collaborating with law enforcement and regulators to comprehensively assess the full impact of the breach. This collaboration is crucial for determining additional preventive measures and addressing the evolving landscape of cyber threats.

Conclusion: Looking Ahead

As companies face ever-changing online risks, the Microsoft hack is a clear signal that using weak passwords can be a big problem. Implementing passwordless solutions stands out as a critical step towards a more secure digital future.

Okta Breach Part 2: Unveiling the Full Scope and Impact

Posted on by Srishti Chaubey

Introduction

In late October, Okta, reported a cybersecurity breach that initially appeared to affect less than 1% of its customers. However, recent revelations indicate a far-reaching impact, affecting 99.6% of users in the customer support system. This blog post delves into the broader implications of this

The True Scope Revealed

Contrary to initial estimates downplaying, it has now been disclosed that hackers successfully ran a report on September 28, 2023. It contained sensitive information about all Okta customer support system users. The compromised data had names, email addresses, company names, contact phone numbers, and other details, Impacting 100% of Okta Workforce Identity Cloud (WIC) and Customer Identity Solution (CIS) customers. The only exception being those in highly sensitive environments such as the government.

Okta breach : 100% users affected.
Image Source : https://www.helpnetsecurity.com/2023/11/06/okta-support-compromised-service-account/

Financial Impact on Okta

Despite the significant dip in Okta’s stock prices when the breach was first reported in October, resulting in a temporary loss of approximately $2 billion in market capitalisation, the financial fallout seems to be hovering in the single digits. Okta’s latest quarterly financial report indicates a more than 20% increase in revenues for the quarter ending October 31, demonstrating a robust financial performance despite the security incident.

Customer Trust at Stake

The discrepancy between the initially reported 1% impact and the actual 99.6% of affected users reveals a concerning lapse in transparency. Okta customers are now grappling with the realization that threat actors may have access to their names and email addresses, exposing them to the risk of phishing and social engineering attacks. While Okta assures that there is no direct evidence of exploitation, they urge customers to remain vigilant. This stolen information could be weaponized for targeted cyber scams.

Phishing and Social Engineering Threat

With 99.6% of users having their names and email addresses exposed. These stolen data poses a heightened risk of phishing and social engineering attacks.

Okta Phishing

Cyber security experts emphasise the need for Okta customers, especially administrators, to enforce multi-factor authentication (MFA) and consider the use of phishing-resistant authentication. The potential for threat actors to exploit this information for targeted attacks underscores the importance of proactive security measures on the customer’s end.

Conclusion

In the aftermath of the Okta breach, customer trust in identity management systems faces a critical test. As emphasised by the mantra “The ‘S’ in IAM stands for Security”, the true scale of the incident challenges the reliance on auto-saved passwords, demonstrating the vulnerability of conventional systems. We urgently advocate for the adoption of passwordless authentication. For those catching up, our previous post details the Okta breach, highlighting the imperative to #gopasswordless . This approach not only addresses current vulnerabilities but also aligns with the evolving demands of a secure digital landscape.

Unpacking Okta’s Recent Security Breach

Posted on by Srishti Chaubey

Introduction

In today’s interconnected world, data breaches have become unfortunately common. One recent incident that has drawn the cybersecurity community’s attention involves Okta, a prominent identity and access management (IAM) provider. This blog post delves into the specifics of the Okta breach, its impact, and the lessons we can learn.

The Initial Okta Breach

The story starts with a breach of Okta’s case management system, reported in late October. Threat actors gained unauthorised access to sensitive files of 134 Okta customers, less than 1% of the customer base. Some stolen files were HTTP Archive (HAR) files with session tokens, usable in session hijacking attacks.

Okta Breach
Image Source : https://www.helpnetsecurity.com/2023/11/06/okta-support-compromised-service-account/

Targets: BeyondTrust, Cloudflare, and 1Password

BeyondTrust, Cloudflare, and 1Password confirmed their systems were targeted due to this breach. They emphasised no loss of customer data during these incidents, highlighting their robust security measures.

Okta’s Response and Investigation

David Bradbury, Okta’s Chief Security Officer, revealed the breach’s origin. An employee logged into their personal Google account on an Okta-managed laptop, inadvertently saving service account credentials. The hackers exploited this service account, gaining permissions to view and update support cases. The breach occurred from September 28 to October 17, 2023.

Okta Breach Flow
Image Source: https://www.cyberark.com/resources/blog/piecing-together-the-attack-on-oktas-support-unit

Investigation Challenges

Okta’s security team initially focused on unauthorized access to support cases. Identifying suspicious downloads took 14 days. Unique log event types and IDs complicated the detection process.

On October 13, BeyondTrust provided a suspicious IP address, leading to the identification of the compromised account’s activities.

Implications and Ongoing Concerns

The breach raises numerous cybersecurity concerns. Callie Guenther, Senior Manager of Cyber Threat Research at Critical Start, highlighted the potential for secondary attacks arising from exposed data. Such incidents erode trust in service providers, especially for security-focused companies like Okta.

John Bambenek, Principal Threat Hunter at Netenrich, pointed out that recurring security events raise questions about Okta’s reliability in sensitive roles like identity and authentication.

Conclusion: The Vital Role of Passwordless Authentication

The Okta breach underscores the importance of robust cybersecurity practices. Organisations must remain vigilant, conducting continuous security assessments and proactively implementing measures against evolving threats.

A single compromised password can jeopardize an entire institution. Therefore, we strongly advocate for passwordless authentication. By eliminating passwords, organizations can fortify their defenses, enhancing security and reducing the risk of future incidents. Passwordless authentication is a safer and more effective approach to protecting digital identities in today’s evolving landscape. #gopasswordless

Resolution 2023 | Making World Password Free

Slack’s GitHub Exposed – Another MFA Failure

Posted on by Srishti Chaubey

Slack reported suspicious activity on January 9th, 2023 regarding a breach in it’s remotely stored GitHub account. Upon investigation, it was found that tokens of a few Slack employees were stolen, and used to gain access to remote git repositories. The threat actors also downloaded code from private repository. Slack also stated that the threat resulted from a third party vendor, and also assured its users that no customer data is at risk.

Previous Incidents

In March 2015, Slack shared that it had been hacked for over four days in Feb 2015. Additionally, In January 2021, it had a outage for several hours. In a previous blog , we have discussed a past security bug on Slack at December 2022 where passwords were stored in their Android apps in plain text.

Reason and Impact

The attackers were able to gain access due to a security flaw in Slack’s authentication system using Brute Force. Once they had access, they were able to steal the secret seeds (used to generate pseudo random tokens) associated with that organisation’s account and gain access to the private code repositories stored on GitHub. The fact that a brute force attack was successful indicates a security lapse from Slack.

The company claims that the threat actors did not get access to production environment, customer data or Slack resources. Additionally, Slack rotated the concerning tokens with the third vendors, and deployed additional security on their externally hosted GitHub.

About MFA Tokens

In their update what Slack is mentioning as token are MFA seeds or secret keys. These seeds or keys are shared secret between the (Slack’s) server and user’s MFA application. These seeds are used in generation of tokens which are then used to authenticate user in conjunction with passwords.

image credit – Twilio

Twilio has provided here a detailed explanation on how the MFA works with secret keys. Unfortunately Twilio’s Authy was breached and customer’s TOTP secret keys were leaked in the recent past.

Mitigation

Authentication system depending on abusable data like Passwords, Biometrics, or TOTP/HOTP Tokens, of public-keys are insecure by design. Adopting authentication solution which makes use of zero-knowledge factors are resilient to data leakage in case of breach.

PureID‘s Passwordless Authentication platform – PureAUTH eliminates the risk in case of total breach of the authentication parameters it uses to verify users.

Check out, how PureAUTH makes Slack Passwordless and secure from credential based attacks.

Connect with us to know how PureAUTH platform can help your enterprise be more secure and resilient.

Passwords are like Plastic; Lets get rid of ’em

Posted on by Ajit Hatti

Passwords are at the foundation of security and access control ever since humans felt the need of securing resources and access to it. Passwords have been used and abused since millennium and the best documented example of this is “Open Sesame”. 

The surprising fact is even after millennium passwords are ubiquitous, and mean anything but security. The World Password Day is coming up on 7th of May 2020,  let us see what we have learned in the last decade about passwords.

Passwords are Pain

Passwords are pain for an enterprise, right from its users to administrators.

Pain to Manage

A 2016 survey conducted by Intel Security concluded that an average person uses 27 discrete online services. For security reasons it is a must to have different passwords for enterprise applications, social networking sites and online banking but at the same time, very painful to remember all of them. People often reuse their enterprise passwords at external sites and vice versa.

Pain to Comply & Govern

Compliance & Governance mandate passwords to be complex and securely stored. Time and again we have seen from the incidents at  Robinhood, GitHub, Facebook, Instagram and Citrix that even world class enterprises fail to comply. Another big governance failure is to restrict unwarranted sharing of credentials and OTP within an organisation.

Enterprise measures for compliance & governance are defeated due to users’ and administrator’s common but insecure practices.

Passwords in plain text
Passwords in plain text

Pain to Secure

Enterprises spend a significant sum to secure passwords by layering them with additional factors. This increases more things to manage and support but still leaves passwords insecure.

Enterprises are insecure as long as they have passwords in their system

Credential sharing
Credential sharing

Passwords are Risk

2018  Verizon Data Breach Investigation Report stated that 81% of the breaches that year involved Passwords. Phishing, credential stuffing and stealing passwords from processes or dumps being the top vectors.

2019  Verizon Data Breach Investigation Report stated Stolen Credentials as a top most risk for an enterprise, along with web-application vulnerabilities and ransomware.

2020 First quarter is over and things have not changed much. So far we have seen several security incidents involving Passwords.

Cognizant breached by Maze ransomware
SFO Airport breached with stolen credentials
Compromised Zoom credentials swapped in underground

Phishing
Phishing

Passwords are Outdated

The universal availability of mobile devices and newer ways  of authentication it offers, has inspired the world to think Beyond Passwords.

Gartner suggests “Eliminate centrally managed passwords for better security, fewer breaches, lower support costs and enhanced user experience.” in its report Passwordless Approach to improve security

Conclusion

This new decade is a time to go passwordless.

© 2024 | PureID. All Rights Reserved

Privacy & Terms | Licenses