The human problem behind credential theft and reuse
Abstract
Credentials are meant to keep accounts and information secure; unfortunately, they are failing to do this on a regular basis. The key reason for this is not the length or complexity of these credentials, but rather how people are using and protecting them. It has been estimated that within the next few years the average Internet user will have 207 accounts to keep track of. Because the human brain can only remember so many of these long, complex passwords, people have resorted to reusing them across different accounts. This means a breach at one website may expose credentials to many others. Cybercriminals know how we behave and use this behaviour against their victims. When they are unable to just use credentials from previous breaches, these attackers know that they can easily trick many people out of them by simply using fake login screens to collect them in credential phishing emails. This paper looks at the issues related to password hygiene and credential phishing and ways to mitigate these risks.
The full article is available to subscribers to the journal.
Author's Biography
Erich Kron is a veteran information security professional with over 20 years’ experience in the medical, aerospace manufacturing and defence fields. He is the former security manager for the US Army’s 2nd Regional Cyber Center — Western Hemisphere and holds CISSP, CISSP-ISSAP, MCITP and ITIL v3 certifications, among others. Erich has worked with information security professionals around the world to provide the tools, training and educational opportunities to succeed in information security.