Member Article

'The State of Secure Identity' report shines an urgent light on threats to digital identities

Recent headlines and high-profile cyberattacks mean today’s security professionals have many serious threats to worry about. The primary goal of cybercriminal activity is to access critical resources, systems, and personal data, yet systems like identity management, which can be put into place to minimise the risk of attack, often get deprioritised. Lack of budget, resourcing, or attention on managing digital identities give threat actors a prime opportunity to take advantage of these discrepancies and surreptitiously execute their attacks.

Identity expert Auth0 has released a new report to highlight key areas of concern for security professionals responsible for managing digital identities, including the exponential rise of credential stuffing attacks, fraudulent registrations and the widespread use of breached credentials.

In the first 90 days of 2021, Auth0 found that credential stuffing accounted for 16.5% of attempted login traffic on its platform, with a peak of over 40% near the end of March — all of which Auth0 detected and prevented. During the same period, the company detected breached passwords at an average of more than 26,600 per day, with a minimum of just under 7,300 and a high on Feb. 9, 2021 exceeding 182,000. Travel & leisure and retail were the top two industries most affected by credential stuffing attacks and, while the number of fraudulent registrations vary by industry vertical, roughly 15% of all attempts to register a new account can be attributed to bots.

“Securing customers’ identities is made more difficult by industry-wide failures to protect data. The prevalence of breached passwords and the availability of automated attack tools makes the humble password a protective measure from the past,” said Duncan Godfrey, VP of Security Engineering, Auth0.

Today’s abundance of applications and systems have never had more access points, leaving organisations and their end-users vulnerable to attacks. A reliance on passwords as a primary means of authentication, combined with our tendency to re-use passwords across applications, presents a number of security, user experience, and cost issues as outlined in the new report. Similarly, a 2021 Data Breach Investigations Report by Verizon, compromised passwords are responsible for 84% of breaches.

Passwordless authentication mitigates these challenges, and offers increased security and trust for applications, devices, and services providers; faster and smoother login experiences for their end-users; and cost savings by eliminating the need for password management support.

“Despite ongoing guidance around proper password creation and repeated warnings against password reuse, consumers crave convenience and continue to use the easiest and most convenient path for application access,” said Shiv Ramji, Chief Product Officer at Auth0. “A passwordless future is largely being driven by two primary forces — security and convenience. Companies want to secure the vulnerabilities that come with passwords, and they also want to offer their users a better digital experience.”

This was posted in Bdaily's Members' News section by D Baker .