THE PASSWORD PROBLEM – reason for majority of cyber attacks // Arimo Koivisto
CYBERWATCH FINLAND

How much do you love your passwords? How many passwords do you have, and are you sure you do not reuse the same password across several accounts? How do you securely store all those passwords, and how often do you update them? How do you avoid phishing and fraud that aim to steal your username and password? Passwords truly are problematic for many reasons: they are painful to use, and they do not offer sufficient security. This is a significant problem. According to the Verizon Data Breach Investigations Report, over 70% of employees reuse passwords at work, and 81% of hacking-related data breaches succeed because attackers can leverage stolen or weak passwords. Such credentials typically give attackers a foothold in the system, from which they can go on to deploy ransomware and similar payloads. Passwords are a 60-year-old invention.

Phishing attacks are something we are all familiar with. They are becoming more and more sophisticated, and as consumers and organisations we must protect ourselves from them. Typically, we must be extremely careful when logging into a service and take extra effort to maintain password security. This requires effort to train people to be careful with their passwords and logins. Passwords are painful to use, and a typical second-factor code such as an SMS code makes the login process even more complicated. This is called legacy Multi-Factor Authentication (MFA): it relies on two different shared secrets, the main password and a second one-time password (OTP), such as the one you receive by SMS. Many organisations have deployed legacy MFA, which is a good first step. However, there are already many attack methods against passwords and OTPs: because an OTP is just another secret the user types in, a false login page can capture it and relay it to the real service before it expires. Many banks suffer phishing attacks in which attackers try to steal both the customer's password and OTP via false login windows. Microsoft accounts are also very popular among cyber criminals, who try to make you log in to false Microsoft services to steal your credentials. Several global data breaches and ransomware attacks succeeded because of passwords. The list is very long: SolarWinds, Twitter, Marriott, Colonial Pipeline, Zoom, etc. Nor can we forget how many consumer services and their user information have been stolen, the
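To make the weakness of legacy MFA concrete, here is an added example that is not part of the article: a small Python model of a service that checks a password plus a TOTP code (RFC 6238, HMAC-SHA1, 30-second step) and a look-alike phishing page that simply relays whatever the victim types. The service, the victim, the password and the TOTP seed are all constructed for the demo; the point it shows is that a relayed OTP verifies exactly like one typed on the real site, because nothing binds the code to the site it was entered on.

```python
"""Why a one-time password (legacy MFA) does not stop phishing.

Added example, not from the article.  `Service` is a toy model of a real
login endpoint; `PhishingPage` is the false login window the article
describes.  Secrets and names below are constructed for the demo.
"""
import hashlib
import hmac
import struct

TOTP_STEP = 30  # seconds per code, the common default


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: float, step: int = TOTP_STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from wall-clock time."""
    return hotp(secret, int(at // step))


class Service:
    """The real site: stores a password hash and the user's TOTP seed."""

    def __init__(self, password: str, totp_seed: bytes):
        # Plain SHA-256 is for brevity only; a real service uses a slow KDF.
        self._pw_hash = hashlib.sha256(password.encode()).digest()
        self._seed = totp_seed

    def login(self, password: str, code: str, now: float) -> bool:
        pw_ok = hmac.compare_digest(
            hashlib.sha256(password.encode()).digest(), self._pw_hash)
        # Accept the current step and one step either side for clock drift,
        # as most servers do.  Nothing here checks WHERE the code was typed.
        code_ok = any(
            hmac.compare_digest(code, hotp(self._seed, int(now // TOTP_STEP) + d))
            for d in (-1, 0, 1))
        return pw_ok and code_ok


class PhishingPage:
    """A look-alike login window.  It never needs the seed: it forwards the
    password and the still-valid code to the real service in real time."""

    def __init__(self, target: Service):
        self._target = target
        self.captured = []  # what the attacker now holds

    def submit(self, password: str, code: str, now: float) -> bool:
        self.captured.append((password, code))
        # Relay inside the 30-second window: the real service accepts it.
        return self._target.login(password, code, now)


def demo(now: float = 1_700_000_000.0) -> dict:
    """Constructed scenario: the victim enrols, then types into the fake page."""
    seed = b"constructed-demo-seed-not-a-real-secret"
    victim_password = "correct horse battery staple"
    real = Service(victim_password, seed)
    fake = PhishingPage(real)

    code_now = totp(seed, now)  # what the victim's authenticator shows
    return {
        "legit_login": real.login(victim_password, code_now, now),
        # Relayed 5 s later: still inside the step, so it succeeds.
        "phished_login": fake.submit(victim_password, code_now, now + 5),
        # The same code replayed four steps later is rejected: OTPs expire,
        # which is why the phisher relays in real time instead of saving codes.
        "replay_later": real.login(victim_password, code_now, now + 120),
        "captured": fake.captured,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `hotp` function matches the RFC 4226 test vectors (seed `12345678901234567890`, counter 0 gives `755224`), so the model is faithful to real authenticator apps. The takeaway is the `phished_login` result: the OTP does not have to be stolen from the authenticator, only typed into the wrong page once, and the expiry window is long enough for a relay.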