Understanding the Importance of Security and Privacy on World Password Day

As we have stepped into the digital age, cybersecurity is safeguarding us from the greater threat of cyberattacks . While we are well aware that traditional passwords have been the primary guard for devices and online accounts, the question arises that, with time, these safeguards have become obsolete.

Hence, on the occasion of World Password Day 2024, AI‐TechPark brings an exclusive newsletter that will remind us of the critical susceptibilities of relying solely on password-based authentication, especially in the artificial intelligence era where passwords are effortlessly guessed, decrypted, and reused across multiple accounts, earning them a prime target for cybercriminals.

In an exclusive AITech Park article by Josh Blackwelder, he states that “AI has significantly scaled and refined the accuracy of phishing attacks. While in the past it involved blasting our poorly written emails to many users, today’s attacks bring together AI-crafted messaging with SMS push notifications and other forms of seemingly unthreatening behavior."

As technologies evolve, hackers have gradually become more tech-savvy, which allows them to quickly gain access to accounts and use stolen passwords. This cyber-hacking technique is called phishing and is utilized to target employees and trick them into revealing their official and unofficial passwords, either via email, phone, or text message.

To eliminate the constant phishing attacks, organizations can adopt 2-factor authentication, which will help to stop these episodes from succeeding. It is also proven by tech giant 微软 that 2-factor authentication plugs more than 99% of automated attacks on employees' accounts.

In March 2024, several 苹果 users faced a push-bombing attack involving several fake password reset notifications. The prompts were strategically designed by the phishers to insist on users' resistance or catch them off guard, leading to an accidental approval of the request. The phishers intended to get the available information through an SMS-based one-time password technique, ultimately allowing attackers to reset account passwords and remotely wipe users' Apple devices.

Another common mistake by users is to avoid forming unique passwords, and hence they end up reusing the same password for multiple accounts. For instance, if the password is compromised on one platform, either through a phishing scam or another method, all other accounts that use that same password are at risk.?Hackers take advantage of this typical bad practice of password reusing by employing a technique called credential stuffing, where they obtain a list of usernames and passwords from a data breach and attempt to access accounts on other unrelated platforms using those usernames and password combinations.

Share your thoughts in the comments section below, and for further insight into the most recent AI advancements and how they affect the IT industry, don’t forget to subscribe to Techtopia.