Back in 1994 MacDonald’s was proud to announce their 100billionth hamburger sold. In 2013 The Wall Street Journal reported that they had now reached 300 billion. Now, while we are currently hovering around 7.7 billion people populating planet Earth, this is clearly a remarkable feat by a fast food company. Since we seem enamored with large statistics, it stands to reason that CISOs will be devasted to learn that the number of stolen passwords can now be counted in the billions as well. Yes, as in billions with a “b” not “millions with an “m”.
Your Credentials Have Already Been Stolen
As of June 30, 2018, it was documented that 4.2 billion of the 7 billion plus people in the world have access to the internet. Unfortunately, according to a recent Consumer Reports article we now have over 2 billion emails and passwords published publicly. The article is titled “Over 2 Billion Stolen Emails and Passwords Surface Online” and reports:
“The information doesn’t appear to stem from a massive new data breach. It’s more likely to be an aggregation of consumer information stolen over the years from companies such as Yahoo, LinkedIn, and Dropbox.”
The article goes on to also say:
“It’s the “enormous” size of the data set and the fact that it’s packaged in a full-service list that makes this latest security threat noteworthy, says Emily Wilson, vice-president of research for the cybersecurity firm Terbium. Though the passwords may be outdated for Yahoo or LinkedIn accounts, hackers can still try to use them to access consumers’ other accounts.”
So, with 2 billion emails and passwords “served” up to the public for (mis)use, it stands to reason that at some point every password you have ever created may come back to haunt you if you are in the habit of reusing permutations of past favorites.
Even Passwords Not Yet Created
What is even more disconcerting is the knowledge that most (if not all) passwords are hashed based on Symmetric Keys or Public Keys that rely on prime numbers and cryptographic algorithms.
It seems that today, hackers are as smart and, in some cases, smarter than those creating the cryptographic algorithms. This is the ultimate Achilles heel. Cyber criminals now focus on the algorithms and infrastructure to manage the keys instead of the passwords themselves and find ways to crack millions of credentials in a single attack.
It’s Time For A New Approach
We all know that the definition of futility is doing the same thing but expecting a different outcome. So why is it we keep using passwords and expect them to be safe? Now is the time to evaluate and implement a password-less solution that continuously authenticates your users based on cognitive authentication. In other words, leverage new AIML technology to create an immutable way of authenticating users.
Acceptto’s eGuardian engine continuously creates, and monitors user behavior profiles based on the user interaction with the It’sMe authenticator. Every time an activity occurs, actionable intelligence is gathered and used to optimize the user profile. eGuardian is capable of autonomously and continually learning new policies and adapting existing ones. While policies can still be manually defined and contribute to the computation, our Biobehavioral AIML approach automatically finds the optimal policy for each transaction. eGuardian leverages a mixture of AI & ML, expert systems and SMEs to classify, detect, and model behavior, and assign real-time risk scores to continuously validate your identity prior to, during and post-authentication.
Check out what Acceptto can do to ensure your employees, partners and customers can authenticate without passwords and still ensure security and privacy registering for a free demo today.