Password era has finished
Your password is not sure – with billions of now compromised passwords “by promoting crime online, putting individuals and businesses at risk.” And a new 2FA warning that codes can be overlooked or stolen, with equipment hacks and malware “Catching credential paper, signs and cookies in real time, effectively bypassing 2FA.” This new alarming 2FA attack significantly raises the bar, making conventional phishing methods and their naturally ineffective security measures. “
The US government has warned Americans to stop the use of SMS for 2FA, and we have only seen news that Google is now defeating SMS for its billions of Gmail users, although the reported alternative to its QR code is wrong. SMS 2Fa codes are used at the same time as usernames and passwords – that combination must be completed. It is not enough to add more security to your account, you should also delete the old.
This campaign to replace the old with something new is accelerating as the threat landscape is always deteriorating. In the last 24 hours alone, we have seen a new report from Cofense in new sophisticated phishing campaigns that the Americans aim for during the tax season and warning of the strongholds for new lures that impose government messages. This comes shortly after a new warning that even email signatures are now under attack.
Microsoft has come forward with the best tips for its users – and this applies to the entire board. The password era is running out, “she says, and because” bad actors know it, they are desperately accelerating password -related attacks while they can still. “This starts by email, especially Gmail and Outlook, because most attacks start with phishing and these are the account credentials that are more precious.
Microsoft is conducting a campaign to delete passwords, with attacks doubled from a year ago. “We’ve never had a better solution to these widespread attacks – crossings.” But if users provide passkeys but leave passwords and 2FA basic in the country, “the account is still at risk for phishing,” he warns. “Our ultimate goal is to completely remove passwords and have accounts that support only phishing resistant credentials.”
And this is the lesson from all the latest warnings, from deteriorating this threat landscape. Passkeys are not perfect, but they are much better and improve all the time. Based on your safe, reliable access to the device to credited you is better than any combination of passwords and codes that can be overlooked or tapped.
The Fido Alliance, which is forming and directing the adoption of the passage, reached me this week with the news that “87% of companies in the US and the UK have implemented or are in the process of crossing the passage,” warning that “with internet -driven threats to growth, companies are prioritizing passers -by, improves the experience of employees.”
But again, the passkeys adoption is half the story, the password deleting is the other half, the most difficult. As Microsoft admits, “Even if we get more than a billion users to register and use switching”, it will not solve the problem if passwords are not also deleted.
The tips are simple. Set Passkeys on all accounts where this is an option. And disable 2FA SMS to ensure that your passage is the only means to provide access. If you have a stronger measure of certification, such as a physical key or an authenticating application, then this is clearly good – they do the same.
To be more specific – you do not have to have any accounts without activating 2Fa/MFA, do not use platforms or services that do not provide this. And you need to identify your most sensitive accounts and services and ensure that the certificate is not only SMS -based.
Microsoft says “millions of users have deleted their passwords”, though they need this number to reach a billion before it is done. I would like to see the same simplicity from Google as well, as these are the two companies with the largest phished users bases.