According to Verizon's 2016 Data Breach Investigations Report, 63 percent of all data breaches were the result of compromised credentials. After Yahoo’s breach, 500 million credentials were added to an ever-growing list of over a billion people's credentials available to hackers right now – and these are just the breaches we know about.
People who share the same credentials between sites are more vulnerable than ever. Some users are trying to use passwords the “right” way, changing all their credentials. Timothy Robnett, the Director of Identity and Access Governance at Anthem, is an excellent example. Tim, a security superstar, recently completed the arduous task of updating every password for all of his ~160 accounts. As you can imagine, this was a complex process.
What’s the takeaway? Even if you’re a cyber-security expert at a top company, it’s really hard to use passwords the “right” way. That’s bad news for most of the rest of us. Have you or anyone you know completed the work Tim just endured? Probably not – and this leaves hackers with never-ending lists of usernames and passwords, along with answers to security questions like mother’s maiden names, favorite colors, high school mascots, social security numbers, and birth dates.
Despite all of the major and recent breaches, most companies and websites are still using usernames and passwords that have possibly already been compromised elsewhere. People want simplicity, not security, and it's companies' responsibility to provide people with a secure but convenient way to log on to their accounts, without forcing them to handle their credentials in ways so complex that even industry experts struggle with them.
Our advice to companies: do not expect that your customer base consists of security superstars like Tim. Most of them don’t understand they’re at risk, much less what to do about it. If you care as much about their security and privacy as you do about winning their business, you need to update your access methods immediately. Eliminating human-readable credentials is easy, fast, and secure. Not only can you improve security, you can simultaneously cut costs and simplify the user experience. It’s an easy decision: either ignore the problem so hackers love you, or let us help you fix it so your customers love you.