Cybersecurity researchers have discovered usernames and passwords for some 15 billion accounts online, including network administration credentials, consumer bank logins, and more. The researchers say that 5 billion of the 15 billion sets of credentials are unique and for sale on the dark web.
The dark web refers to pat of the Internet that most people cannot access and are probably unaware of. This area of the Internet is more likely to have legal and illegal stuff on their darknet marketplace. The dark web is a smaller part of the deep web; it can only be accessed using special software like Tor, I2P, and Freenet.
One way of addressing this issue is using specialist programs. For example, as TechRadar reports, LastPass has unveiled a new Security Dashboard which provides end users with a complete overview of the security of their online accounts, including investigating leaked passwords.
Looking at the issue for Digital Journal is ForgeRock’s CISSP and senior vice president of global business and corporate development, Ben Goodman.
According to Goodman: “Despite increased chances of having their accounts compromised, users will still lean towards password reuse and ignore warning signs. In fact, 57 percent of people who have already been scammed in phishing attacks still haven’t changed their password, enabling fraudsters to leverage compromised login credentials from one account to access additional profiles with more critical data, including banking and healthcare information.”
Goodman says it is time to think beyond the password, recommending: “Organizations must recognize the security risks of passwords and usernames, and adopt technology to enable passwordless and usernameless login experiences. By leveraging biometric authentication, organizations can create a secure and frictionless login experience similar to how most users access their smartphones, such as with Apple’s FaceID and TouchID.”
