More than three billion emails and passwords were just leaked online - comment from Yubico
February 2021 by Nic Sarginson, Sr. Solutions Engineer for UKI and RSA at Yubico
More than three billion emails and passwords were just leaked online. When data breaches occur, the cybercriminals responsible may leak credentials from one company; this time, they have leaked the stolen usernames and passwords from many organisations. Aptly named the “Compilation of Many Breaches” (COMB), this new leak contains more than 3.2bn unique pairs of cleartext emails and passwords gathered from past leaks.
Nic Sarginson, Sr. Solutions Engineer for UKI and RSA at Yubico, has made the following comments:
“Shockingly, some organisations are still relying solely on passwords, even though 81% of data breaches can be attributed to stolen credentials. Indeed, passwords come with a range of inherent weaknesses — they can be easy to guess, they get reused and, of course, they can be phished. Risky password and authentication practices are still rife in our professional and personal lives. In fact, research from Ponemon Institute found that UK IT professionals reuse their passwords across an average of ten personal accounts, while 39 percent of individuals and 58 percent of IT professionals have also done this across workplace accounts.
“These security gaps point to the urgent need for additional layers of authentication tools – but to be successful, they must also be convenient. Security keys are a great example of this. They deliver phishing-resistant two-factor authentication (2FA) and a higher level of security than memorable words or SMS one-time passwords (OTPs). Requiring employees to authenticate using a device – in addition to log-on credentials – will better protect networks, applications and data in the long run.
“Gartner predicts most enterprises will implement passwordless methods in over 50 percent of use cases by 2022. However, with the majority of people currently working remotely, there is a real possibility that COVID-19 could accelerate this passwordless adoption. If that’s the case, security must absolutely be at the forefront of this change.”