As reported by ZDNet, Verizon’s Data Breach Investigations Report shows that, “Authentication-based attacks factored into about four of every five breaches involving hacking in 2012.”
The report states that password-protected systems were hacked using such methods as guessing, cracking, or reusing valid credentials. Of those methods, it’s obvious that the reuse of valid credentials is the most troubling in terms of everyday users unwittingly contributing to the overall data-breach threat.
“The easiest and least-detectable way to gain unauthorized access is to leverage someone’s (or something’s) authorized access,” the report stated.
But the report is more an indictment of password-based authentication in general than of user complicity (either unknowing or through carelessness) in password-based attacks.
From the report: “If we could collectively accept a suitable replacement (for passwords), it would’ve forced about 80% of these attacks to adapt or die. We’ve talked about the shortcomings of passwords for years now, and if it were an easy problem (or the pain caused by password problems was greater), it’d be fixed by now.”