Hackers have managed to steal over 2 billion passwords during 2021 (opens in new tab)a new report from ForgeRock claims.
The company’s fourth annual breach report found that in addition to passwords, hackers have been stealing people’s names, addresses, Social Security numbers, dates of birth, protected health information (PHI), and payment or banking details.
What’s more, that $2 billion is an increase of more than a third (35%) compared to two years ago.
most vulnerable link
Most of the time, hackers sell data on the black market, such as underground web forums and trading sites. While buying passwords themselves are usually not expensive, they do open the door to many potential attacks, from identity theft to ransomware and everything in between.
The same report said that two years ago, more than 15 billion passwords were for sale on the dark web.
“Usernames and passwords are the weakest link on the internet. The world has moved far beyond the point where simple passwords can provide adequate protection, and attackers know that. The trend toward passwordless authentication, fueled by the FIDO2 WebAuthn standard, is gaining ground Motivation: It increases the security and ease of use of online access, while greatly reducing the usefulness of cybercriminals to steal credentials,” said ForgeRock CEO Fran Rosch.
ForgeRock believes the future is passwordless, with biometric solutions (facial recognition, fingerprint scanners, etc.) at the forefront. Others prefer multi-factor authentication as the best way to secure online accounts, as time-based keys and tokens prevent password-only access to other people’s accounts.
That being said, ForgeRock expects the passwordless authentication market to grow from $12.79 billion last year to more than $53 billion by 2030. Whether this actually happens remains to be seen. The password has been announced countless times before, but somehow, despite its shortcomings, it still prevails.