2021 turned out to be a consequential year for password security and acknowledgment of its flaws.
First, recent studies have shown that compromised credentials are currently the most popular initial attack vector. According to IBM, compromised credentials are currently responsible for 20% of breaches. That number would only be inflated by including follow-up attacks made possible by the initial intrusions gained from compromised credentials. It’s not just that compromised credentials are so widespread, but also that they are taking longer to identify and contain. On average, breaches caused by compromised credentials took 250 days to identify and 91 additional days to remediate. When added together, that’s almost an entire year of exposure.
These numbers look even worse when viewed in the context of other recent events. In February, a record was set when a database containing 3 billion passwords was made available online in hacker forums. What was different about this database was that it was not only a compilation of past attacks in list form, but also searchable. The record lasted until June, when a new freely available database containing 8.4 billion passwords was posted and obliterated it. The problem now is the availability of information and the ability to correlate it across disparate sources. Hackers have all the information and momentum on their side.
The industry is making a tacit admission that current processes aren’t working because the creation rules are getting ready to change again. Instead of complexity, experts are now suggesting a combination of three ‘random’ words is better than the current combination of numbers, letters, and special characters. But the same problems that impact complexity – namely, that the random element is just not that random – are already expected to impact a choice of the three words. The process is already outdated before it can be implemented. Passwords are currently at their point of highest weakness. The hard truth is that passwords are losing their security effectiveness. Humans, and that includes your users, will take the path of least resistance. Always. Modern life means complications, and if there is a shortcut to be taken, most will take it simply for the sake of efficiency.
Enterprises don’t have to sit back and wait to be attacked, though. SentryCard enables organizations to change their security odds by changing the game itself and preventing every attack that originates with stolen or fraudulent credentials. It not only meets the challenges of the current world, but also builds in resilience against future attacks. SentryCard evolves authentication with fraud-proof identity verification that cannot be forged and is useless if lost or stolen. With SentryCard, you can ensure every request coming from your users is valid and authorized because it relies on biometric fingerprint matching stored and verified on the card itself. It’s a converged security solution that bridges the gap between software and hardware, yet doesn’t require the replacement of existing equipment.
By replacing a reliance on passwords with fraud-proof biometric authentication that meets FIDO2, you can move your security forward and build resilience against any threat that involves stolen or forged credentials. To learn how SentryCard adds a level of protection to your entire organization with verifiable identity integrated into your current environment, please click here to contact Sentry Enterprises.