The most recent password heist compromised over 1.2 billion passwords from over 420,000 websites. This massive attack is the largest scale breach we’ve seen to date with global implications. Organizations need to take action immediately and provide higher-level security through eliminating passwords and PINs.
When I read the news last night that over 1.2 billion passwords had been compromised from over 420,000 websites, at first I couldn’t believe it. Then I was in shock, as I slowly realized how massive this password breach really is. It makes the password breach that occurred at eBay earlier this year, when only 145 million passwords were compromised, seem minor. When I found out about the eBay password heist, I quickly logged into my account and changed my password. I felt safe – problem solved. With this breach, which can only be described as the ultimate failure of internet security of all time, I feel scared. The chances that I’ve been hit, and that you’ve been hit, are high. There are 2.9 billion internet users in the world. Assuming that hackers compromised only one username/password per internet user, that would mean that over 40% of internet users globally are affected by this attack. The fact is that some internet users probably had several of their usernames/passwords compromised. Worse, there’s not much you can do about it. If you change your password, and the site is still compromised, you’re just sending your new password to the hackers. Internet security experts are still in the process of notifying the affected websites, and for now few details are available about this password breach.
Why am I scared? I could have my money stolen, as my colleague Oksana experienced recently. I also dread the prospect of dealing with the proactive security measures that often follow these breaches. I have travel coming up and the last thing I need is to deal with a frozen credit card, a locked banking web-portal, and the horror of having to call my financial institution to deal with any of these issues.
The question we need to ask ourselves is: why are organizations out there still using passwords in the first place? Passwords have proven to be grossly insecure, if not a “nightmare,” as password inventor Fernando Corbató recently described them in a Wall Street Journal interview. And if they are so insecure, why aren’t we looking for alternatives to passwords if these breaches keep happening? The cost of a single data breach to an organization is roughly $3.5M, and you can bet that these costs get passed on to the consumer. And let’s not forget the time that consumers spend changing passwords, dealing with the impact of stolen account information, stolen identities, and so on.
There are, in fact, alternatives to passwords that are easier to use and that are more secure, and which have proven effective in real-world applications. Organizations don’t need to implement convoluted procedures in order to increase security. They simply need to rethink their approach. Voice biometrics has started to replace passwords as a more secure and convenient alternative across financial institutions, telecom providers, and even in home security systems. Taking passwords out of the equation not only makes things easier and more secure, but it makes the threat of these massive breaches a non-issue.
This is far and away the largest-scale breach we have ever seen, and once again passwords (and of course the hackers) are to blame. When is it time to say enough is enough? As consumers, we can follow best practices all that we want, but passwords will only ever go so far to protect us as a security standard. When will organizations step up to the plate and start providing higher-level security? Why not now?
Like you, CX and biometrics expert Brett Beranek – Director Product Strategy, Enterprise – is fascinated by transformative technologies that have a real impact on our lives. With over fifteen years of experience in the customer experience and biometrics space, Brett brings strategic and tactical insights to organizations wishing to deliver a better experience to their customers via innovative security technologies.
Prior to joining Nuance, Brett, a technologist and entrepreneur by education and passion, successfully introduced several disruptive technologies to the health-care, IT and security markets, including as a partner of facial recognition firm Viion Systems and member of Genetec’s management team, a security firm that transformed the video surveillance market. Brett also currently serves on the advisory board of high-tech healthcare startup GaitTronics.
Brett earned a Bachelor of Commerce, Information Systems Major, from McGill University as well as an Executive Marketing certificate from Massachusetts Institute of Technology’s Sloan School of Management.
Brett loves travelling the globe and discovering new cultures with his three kids, Layla, Rayan and Nora, and his wife, Tania.