PayPal says crooks poked around 35,000 accounts in credential stuffing attack
https://www.theregister.com/2023/01/19/paypal_data_breach/
This report says “That passwordless option is looking really good right about now” — Well, they seem to have forgotten that WHAT IS REMOVED CANNOT SERVE.
“What is removed can never be attacked” is true, and “what is removed can never serve” is also true. The latter is often forgotten. Soldiers and passwords that are not there, and therefore can never be attacked, would never be able to serve.
Interested?
You are invited to spend several minutes on “How to not see our weak digital identity further weakened” https://www.linkedin.com/posts/hitoshikokumai_democracy-privacy-data-activity-7022058674575605760-5ASs
We have published a one-stop reference paper on the security effects of removing the password from digital identity.
Besides our most comprehensive dissection of the ‘passwordless’ misperception, it also takes up such related topics as:
- Unable to Serve
- Pseudo-MFA
- False Sense of Security
- Cybersecurity Professionals
- Digital Dystopia
- Quasi-Passwordless Schemes
- Where ‘Passwordless’ schemes could be supported
- FIDO Initiative
“How to not see our weak digital identity further weakened” https://www.linkedin.com/pulse/how-see-our-weak-digital-identity-further-weakened-hitoshi-kokumai/
We often hear ‘xxxx-fatigue’ these days. ‘Password Fatigue’ is one of them.
Well, there could be two approaches to cope with this fatigue problem.
One is to throw away the password and give up the security somehow provided by the password. This is what ‘passwordless’ and ‘biometrics’ authentication schemes are…
How digital identity unleashes the power of institutional DeFi
We could have taken up this topic a bit differently — “How wrongly-configured digital identity de-unleashes the power of institutional DeFi”.
Wondering how we can configure digital identity wrongly?
Here are the answers:
“LOSS of Security Taken for GAIN of Security”
https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/
“Biometrics Unravelled | password-dependent password-killer”
https://www.linkedin.com/pulse/biometrics-unravelled-password-dependent-hitoshi-kokumai/
We hope that the FT is not among those guys.
- Thanks to Rich Young for referring me to this FT article.