Inaugural report reveals insidious trends and provides mitigation strategies for security professionals
Auth0, the modern identity platform, announced the launch of its inaugural security report: The State of Secure Identity. This detailed report highlights key areas of concern for security professionals responsible for managing digital identities, including the exponential rise of credential stuffing attacks (automated attempts to compromise a large number of user accounts with stolen credentials), fraudulent registrations, and the widespread use of breached credentials.
Recommended AI News: RuneScape Launches on iOS and Android Today after 1.8 Million Players Pre-register It on Mobile.
“The State of Secure Identity Report is designed to share our unique identity security insights and recommendations with the industry so that application builders and developers at any organization can take the steps they need to improve their overall security posture, and make things more secure for end users.”
Recent headlines and high-profile cyber attacks give security professionals a wide swath of serious threats to worry about. The primary goal of cybercriminal activity is to access critical resources, systems, and personal data, yet systems that can be put into place to minimize the risk of attack — like identity management — often get deprioritized. Lack of budget, resourcing, or attention on managing digital identities give threat actors a prime opportunity to take advantage of these discrepancies and surreptitiously execute their attacks.
Recommended AI News: IBM Closes Acquisition of Turbonomic to Deliver Comprehensive AIOps Capabilities for Hybrid Cloud
Research into Auth0’s global customers over the past year found these key facts and figures:
- In the first 90 days of 2021, credential stuffing accounted for 16.5% of attempted login traffic on its platform, with a peak of over 40% near the end of March — all of which Auth0 detected and prevented.
- Travel & leisure and retail are the top two industries most affected by credential stuffing attacks.
- The number of fraudulent registrations vary by industry vertical, but roughly 15% of all attempts to register a new account can be attributed to bots.
- In the first 90 days of 2021, the Auth0 platform detected breached passwords at an average of more than 26,600 per day, with a minimum of just under 7,300 and a high on Feb. 9, 2021 exceeding 182,000.
“Securing customers’ identities is made more difficult by industry-wide failures to protect data. The prevalence of breached passwords and the availability of automated attack tools makes the humble password a protective measure from the past,” said Duncan Godfrey, VP of Security Engineering, Auth0. “The State of Secure Identity Report is designed to share our unique identity security insights and recommendations with the industry so that application builders and developers at any organization can take the steps they need to improve their overall security posture, and make things more secure for end users.”
