16 Jun 2016

Passwords alone are not enough to prevent fraud, says Equifax

Following the news that millions of Twitter passwords have been leaked on the dark web, John Marsden, Head of ID and Fraud at Equifax, explains the dangers the population face as technology continues to evolve at an alarming rate.  

“Passwords are toppling like dominos. This year alone, companies such as Pintrest, LinkedIN, Tumblr and DropBox have all been hacked. As hackers crack more and more passwords, their algorithms improve and the speed in which they breach accounts increases; instead of taking weeks or months to crack 1% of passwords, it can now only take a few days to breach 90% of passwords. This is not hacking the company, but simply running high volumes of data and potential outcomes such as passwords through big data systems.

“Any breach can cause a ripple effect. Once in, hackers can take over online banking, steal identities and locate further personal details. As soon as data is stolen and shared online, often on the dark web, it can’t be treated as a one-time event; it never truly vanishes and can spread globally fast. Previous breached data shows exactly how people at a global and individual level set passwords.

“One of the major issues is that there are only so many unique passwords that humans can cope with. It is near impossible to remember multiple passwords using combinations of letters and symbols such as 5Ge8**233!!$. Data appearing on the dark web has proven there are very few new passwords created as people are re-using the same combinations over and over again.

“It’s difficult to determine what will actually stop this cycle. One possible answer may be for companies to introduce a second layer of authentication processing, such as device recognition, to help build the necessary barriers to keep data safe. Whatever the solution, one thing is clear; we need to act now before it is too late.”