Info Stolen!
The exposed credentials open “the doors to pretty much any online service imaginable, from Apple, Facebook, and Google, to GitHub, Telegram, and various government services,” reports news site Cybernews on the massive log-in breaches. The site identifies the likely culprits as hacking groups using “infostealers,” malware designed to steal passwords and other data from computers.
Infostealers Threatening Primacy of Password Security?
PC World explains why infostealers are such a threat: “You can use strong, unique passwords. You can store them in a password manager. You can keep your vault protected by a PIN or biometrics when not in use. But if this kind of malware infiltrates your PC or phone, you lose the benefit of those security measures. Infostealer malware can capture all kinds of data from your PC or phone, including your login details.”
Better Password Systems & Alternatives
So what to do if good password hygiene is no longer enough to protect your enterprise from hackers using infostealers? “Credential vaulting and automated password rotation are foundational to stopping lateral movement. By continuously rotating credentials and limiting their lifespan, organizations and consumers can invalidate stolen hashes and prevent attackers from moving freely,” explains Spencer Young, SVP EMEA of Delinea, a provider of identity security solutions.
“Passwordless initiatives with the aim of reducing the risks are becoming increasingly more popular as well,” Young adds. “Technologies such as biometrics, where biometric data remains encrypted and safely stored in the device and does not travel across the network, improves the authentication process because it’s based on a factor that only the user has and does not leave their device.”