Passwords, which are designed to create security, have become the weakness that hackers have used in 85 percent of hacks over the last decade. These breaches can be very costly. Many companies, for instance, have lost millions of dollars because of them. Some individuals have had their identities stolen. Many celebrities have had their images damaged. Worse still, vital and top-secret government information has also been exposed through these security breaches.
As a result, there is a push in the tech security industry to move away from password-based security altogether. WiActs is one of the firms driving it.
In a recent blog post, they named the top 10 hacks that their tech would have prevented. I asked Yaser Masoudnia, their CEO, to comment on some of those hacks. Below is what he had to say about them:
1. VTech Hack
VTech is a large toy production company, which makes it look like an unusual target for an attack. But when the company was hacked, millions of people had their data compromised, including customer names and home addresses. A number of weak security practices led to the breach, including poor password security.
Hackers are indiscriminate in their targets. It doesn't matter if you're a large financial institution, a government agency, or a pet store. Your company can be the target of a hacker who is looking for Social Security numbers, credit card information, or other sensitive information.
2. The Infamous CIA Director Attack
Teenagers were able to break into CIA Director John Brennan's email account by using personal information they found. After gaining access, they published pages of sensitive documents, including personal information found in Brennan's application for a security clearance.
Our security measures going forward need to include measures like WiActs' geofencing, which prevents anyone from logging into an account outside of a geographic area determined by the account holder.
In other words, Director Brennan could have prevented anyone outside of his own office from logging into his email. This is an important layer of security, considering that 90% of attacks begin externally, many from outside of the country.
3. The Ashley Madison Hack
Not all hacks involve leaking sensitive national security information, but every hack has the ability to alter lives forever. Such was the case with the Ashley Madison hack. This particular hack was widely publicized, largely due to the nature of the website involved.
The company built its multi-million dollar brand by giving its users the ability to have discreet, private affairs. When its database was hacked, thousands of users' information was released in one of the most publicly embarrassing hacks in recent memory. The breach was made possible by sloppy password management.
4. The LastPass Hack
We all have a bevy of passwords to remember. There are hundreds of accounts that you need to log into on a regular basis. They range from your online bank account to your Amazon shopping cart, email, Facebook, Spotify, and the list goes on. Many people use a password manager that remembers login information for you so you only have to remember one password. That is convenient for you, but when well-known password manager LastPass was hacked last year, it caused many people to rethink their personal security.
Using a password manager may be convenient, but you are putting all your eggs in one basket. One breach can expose all of your accounts.
5. Hackers Breach the IRS Database
No taxpayer would ever want to believe that his or her sensitive financial information might be vulnerable, but that is what happened when the IRS was hacked via stolen credentials. All the hackers had to do was enter the credentials to download the data of tens of thousands of taxpayers. Access management could have prevented the hack. Geofencing may have worked as well, since it is believed that the hack originated in Russia.
Hackers are constantly innovating, and so should our security. The issue now is that passwords cannot get more secure. Just requiring more complexity will not make them any less vulnerable. It seems likely that in the coming years, passwords may go away entirely and be replaced by solutions like WiActs.
However complex that shift may seem at first, it cannot be worse than trying to make a password that is 16 characters long and must include upper and lower case letters, numbers, special characters, and several hieroglyphics.