Auth0, a product unit of Okta that offers a modern approach to identity and enables organizations to provide secure access to any application, authenticates and secures billions of logins per month in more than 70 countries. Drawing on this industry knowledge, the company shares insight into the top threats recorded in 2021 and the basic points to consider for managing digital identities securely and practically.
The login is a business's or service's first point of contact with its users, so it is essential to deliver an experience that combines convenience, privacy and security and leaves users with a good first impression.
The State of Secure Identity Today
Digital identities are constantly evolving, and who we are as users is being redefined all the time, from basic username and password combinations to fingerprints and browser-based behavioral profiles. Any identity system must ensure that each user is who they claim to be and mitigate fraudulent activity.
In a context where cyber-attacks increasingly plague organizations and individuals, Auth0's identity and access management platform detected, in the first 90 days of 2021 alone, an average of more than 26,600 breached passwords per day.
According to Auth0's latest report, up to 40% of logins are related to password reuse attacks, and the main sectors targeted are tourism, travel and leisure, retail, and government. Among the most notable attacks of the past year are multi-factor authentication bypasses, in which the attacker gains access by circumventing this strong defense. In the first quarter of 2021 alone, Auth0 detected more than 87,000 attempts using this technique. The report also notes that 15% of erroneous registrations are fraudulent, with attackers abusing the signup process to create "puppet accounts" or fake accounts.
Without losing sight of this reality, and in response to user demand for convenient, seamless and immediate experiences, current trends such as passwordless login, biometrics and multi-factor authentication point clearly to where the industry is headed in the near future.
Recommendations: The ABC of Identity Management
For sites and applications that require a login and password, it is essential not to reuse the same password across accounts; make passwords at least 18 characters long whenever possible; consider using a password manager such as 1Password, LastPass or KeePass, or the keychain built into the operating system or browser; and, for accounts that are not kept in a password manager, create long, unique and memorable passphrases.
It is important that all critical personal accounts, such as email, social networks and finance-related applications, are protected with multi-factor authentication (MFA) via apps such as Auth0 Guardian, Authy, Duo or Google Authenticator, or even SMS, so that verification requires more than one type of user validation.
Social networks are one of the most problematic areas when it comes to safeguarding privacy. It is therefore recommended to review the privacy settings on each profile, never to publish private information such as home address, private photos, phone number or credit card numbers, and to avoid games or surveys on social networks that ask for confidential personal information.
Keeping the computer and phone locked with a password or a PIN of more than four digits is also of great importance, as is changing the default passwords of the Internet of Things (IoT) devices we bring into the home.
Given current cyber-attack trends, it is also increasingly important to be cautious about the permissions granted to the applications we use and to delete applications that are no longer used. This is in addition to encrypting the phone, computer and external hard drives, keeping operating systems updated to the latest version at all times, and backing up important files.