Your password could already be compromised — act now.
Update, April 19, 2025: This story, originally published April 18, has been updated with technical information regarding passkeys and their security advantages in light of the latest reports of compromised passwords being listed online.
That passwords have reached their collective sell-by date is not new news. You only have to look at the growing threat from millions of devices, for proof of that. Here’s the thing, even with two-factor authentication added to the login credentials mix, you are still not safe., employing attacker-in-the middle and session cookie stealing tactics, weaken even that defense. As if that all wasn’t worrying enough, I’m sorry to report that your password could already be compromised and available to hackers. Here’s what you need to know, why you need to act now, and what action must be taken.Hackers don’t break in, they log in. This, I’m sad to say, has increasingly become the reality for threat actors today. After all, why go to the trouble of finding vulnerabilities to exploit or using complex attack methodologies when there are readily available lists of compromised credentials out there to purchase? Heck, many of these lists are even available to download for free from criminal forums online., published April 17, there has been an 84% increase in the number of infostealers being delivered by phishing emails per week. As well as the phishing tactics, X-Force analysts said that other increasingly popular attack vectors include “Apple iPhone 17 Pro And iPhone 17 Pro Max: Latest Leaks Promise New DesignsEarly data for 2025, the X-Force report warned, has revealed an increase of 180% in the infostealer delivery threat compared to 2023. “This upward trend fueling follow-on account takeovers,” it stated, “may be attributed to attackers leveraging AI to create phishing emails at scale.’ What’s more, these are not just idle threats, for want of a better term. They are incredibly effective. In 2024, the X-Force report confirmed that some eight million adverts on the dark web and in criminal forums, each containing lists of hundreds of stolen credentials, were found in relation to the top five infostealer malware threats. That’s at least 800 million passwords, likely more, listed online and represents just the tip of this nefarious cyber-iceberg. With the same threat actors that are distributing these lists of stolen passwords also selling custom adversary-in-the-middle attack services to bypass 2FA protections, according to the X-Force researchers, there is little doubt that you need to take action, and take it now. The good news is that it’s pretty easy to protect yourself against both threats, and highly effective once that protection is in place. Better still, you get increased protection against criminal hackers while, at the same time, getting a more straightforward method of securely signing in to your accounts. It really is a win-win situation.A Google spokesperson told me that its internal research has revealed “security keys provide a stronger protection against automated bots, bulk phishing attacks, and targeted attacks than SMS, app-based one-time passwords, and other forms of traditional two-factor authentication.” The same message can be heard in the advice that a Microsoft spokesperson provided. “We recommend switching to Passkeys wherever possible and using authentication apps such as Microsoft Authenticator, which warn users about potential phishing attempts.”Passkeys were launched originally as part of an initiative by Apple, Google and Microsoft to effectively consumerize solid enterprise security authentication standards such as FIDO and WebAuthn. 1Password's chief product officer, Steve Won, explained to me exactly how passkeys work and how they are more secure than a password. “Every passkey is made up of two keys—a unique public key, which is created and stored on that company’s server, and a private key, which is stored on the user’s device.” The public key is used to create a challenge that can only be solved by the private key. “Because of this,” Won said, “passkeys are nearly impossible for hackers to guess or intercept because the keys are randomly generated and never shared during the sign-in process.”Passkeys are strong by default, and they can not be guessed by hackers because of their innate complexity. Passkeys are both phishing and social-engineering resistant, meaning that hackers can’t steal and use your credentials if there are no credentials to steal in the first place.Passkeys are effortless to create and use, automatically-generated with no room for human error and nothing to remember. They also provide a very familiar experience as users can authorize use of their passkeys to unlock any service with biometrics. If you still need to be convinced, visit Passkeys.io, where you can try a very simple passkey demonstration and see for yourself just how easy they are to use. And if you are concerned that losing your smartphone, or whatever device these passkeys are created and stored upon, means you lose all access, whereas a password can be reset, don’t panic. Although a passkey is created on one device in your ecosystem, it gets synced across all others and is tied to your account rather than any single lost device. If you need to recover a passkey then you simply sign into your passkey provider, say Apple’s iCloud Keychain or 1Password, for example, and recover it on another of your devices.
Credential Theft Password Theft Stolen Passwords Password Hack My Password Has Been Hacked IBM X-Force Infostealer Passkeys Hacked Password List
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
Microsoft’s New Warning—Do You Need To Stop Using Google Chrome?Microsoft is warning users about Chrome—here’s what you need to know and do.
Read more »
FBI Confirms Chrome, Edge, Safari Warning—Stop Using These WebsitesThese attacks are real—here’s what you do.
Read more »
FBI Confirms Chrome, Edge, Safari Warning—Stop Using These WebsitesThese attacks are real—here’s what you do.
Read more »
Microsoft Warns 1 Billion Windows Users—Do Not Use PasswordStop using your password—here’s why
Read more »
Microsoft Warns 1 Billion Windows Users—Do Not Use PasswordStop using your password—here’s why
Read more »
Google Confirms Gmail Update—Stop Using Your Password NowDo not lose your account—do this now.
Read more »