The rising risks of passwords

2021 turned out to be a consequential year for password security and acknowledgment of its flaws.

First, recent studies have shown that compromised credentials are currently the most common initial attack vector. According to IBM, compromised credentials are currently responsible for 20% of breaches. That number would only be inflated by including follow-up attacks made possible by the initial intrusions gained from compromised credentials. It’s not just that compromised credentials are so widespread, but also that they are taking longer to identify and contain. On average, breaches caused by compromised credentials took 250 days to identify and 91 additional days to remediate. When added together, that’s almost an entire year of exposure.

The Security Stakes Are Higher Than Ever

These numbers look even worse when viewed in the context of other recent events. In February, a record was set when a database containing 3 billion passwords was made available online in hacker forums. What was different about this database was that it was not only a compilation of past attacks in list form, but also searchable. The record lasted until June, when a new freely available database containing 8.4 billion passwords was posted and obliterated it. The problem now is the availability of information and the ability to correlate it across disparate sources. Hackers have all the information and momentum on their side.

The industry is making a tacit admission that current processes aren’t working because the creation rules are getting ready to change again. Instead of complexity, experts are now suggesting that a combination of three ‘random’ words is better than the current combination of numbers, letters, and special characters. But the same problem that impacts complexity – namely, that the random element is just not that random – is already expected to impact the choice of the three words. The process is already outdated before it can be implemented. Passwords are currently at their point of highest weakness. The hard truth is that passwords are losing their security effectiveness. Humans, and that includes your users, will take the path of least resistance. Always. Modern life means complications, and if there is a shortcut to be taken, most will take it simply for the sake of efficiency.

Enterprises don’t have to sit back and wait to be attacked, though. SentryCard enables organizations to change their security odds by changing the game itself and preventing every attack that originates with stolen or fraudulent credentials. It not only meets the challenges of the current world, but also builds in resilience against future attacks. SentryCard evolves authentication with fraud-proof identity verification that cannot be forged and is useless if lost or stolen. With SentryCard, you can ensure every request coming from your users is valid and authorized because it relies on biometric fingerprint matching stored and verified on the card itself. It’s a converged security solution that bridges the gap between software and hardware, yet doesn’t require the replacement of existing equipment.

By replacing a reliance on passwords with fraud-proof biometric authentication that meets FIDO2, you can move your security forward and build resilience against any threat that involves stolen or forged credentials. To learn how SentryCard adds a level of protection to your entire organization with verifiable identity integrated into your current environment, please click here to contact Sentry Enterprises.

Cyber attacks are about to rise dramatically

While the pandemic has thankfully started to fade, dangers to businesses are unfortunately still increasing.

Part of the pandemic’s impact has been seeing the world become a more unstable place than it was not that long ago. It’s almost impossible to pinpoint when society will undergo an inflection point like a pandemic that increases specific types of risk. But once it happens, businesses have no choice but to respond. Unfortunately, the war in Ukraine is another inflection point that will require response and change. Businesses should understand that cyber-attacks are going to ramp up in an unprecedented way. A nation-state has now unleashed some of its most advanced exploits against a foe who uses modern protection mechanisms.

The next year is likely to be unlike anything we’ve seen because:

  • Unknown zero-day exploits have been weaponized and stockpiled to unleash as part of military assaults.
  • There will be a cyber response to these attacks and possibly escalation. The problem is those attacks and responses don’t stay contained. Stuxnet managed to escape industrial equipment that was not connected to any network. Things are far more connected now than then. 
  • It takes time and significant resources to develop advanced attacks like Stuxnet. The war means advanced hacking techniques will be exposed by their use and then likely adopted by attackers before security products and all the parts of the protection chain can respond.
  • Relational databases of citizenry information will be leveraged for sophisticated phishing attacks. Brute-force dictionary password attacks will also increase dramatically, which will be exacerbated by password re-use, etc.
  • Cyber weaknesses in a wide range of businesses, infrastructure, and entities have already been mapped. What’s been missing is not the knowledge, but the motivation to exploit them. Suddenly, there is a much shorter path from motivation to escalation than there used to be.

While it is impossible to know every attack that is coming, businesses should prepare as if they will be targeted simply because they can be. One way to fortify protection against the unknown is by building in resilience with a layered security approach. Because most attacks that will impact businesses still rely on stolen or forged credentials, organizations should ensure they are protected from those threats.

SentryCard gives organizations an easy and immediate way for users to provide proof of their identity and ensure they are who they say they are. It’s a self-contained, biometric portable ID card that serves as a multi-function credential for both physical and logical access. SentryCard ensures every request coming from your users is valid and authorized because it relies on biometric fingerprint matching stored and verified on the card itself. It’s fraud-proof in a way that current password-based solutions – no matter their complexity or multi-factor requirements – simply aren’t.

By replacing a reliance on passwords with fraud-proof biometric authentication that meets FIDO2, you can move your security forward and build resilience against the upheaval an inflection point can bring. For more information about how SentryCard can help you adapt your authentication to meet your security challenges, please click here to contact Sentry Enterprises.