It’s hard to find a major cyberattack over the last five years where identity — generally a compromised password — did not provide the vector of attack.
8 Ways Governments Can Improve Their Cybersecurity
We are in an era where there is no such thing as a “secure” password; even the most complex password is still a “shared secret” that the application and the user both need to know, and that is stored on servers, for authentication. This makes passwords inherently vulnerable to a myriad of attack methods, including phishing, brute force attacks and malware. The increasing use of phishing by cybercriminals to trick users into divulging their password credentials is the most alarming — a recent report from the Anti-Phishing Working Group (APWG) found that 2016 was the worst year in history for phishing scams, with attacks increasing 65% over the number of attacks recorded in 2015. As policymakers work to address these authentication issues, they will need to adopt solutions that move away from the shared secret model while also being easy for consumers and employees to use.