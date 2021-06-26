Officially released this Friday (25), the survey The State of Security Identity, Auth0, shows that automated cyber attacks are a growing concern among companies. According to the company, such actions are used to register false credentials, perform authentication bypasses, test the use of leaked passwords and carry out attacks based on identity theft.

The report reveals that, in the first 90 days of 2021, automated attempts to compromise a large number of user accounts corresponded to 16.5% of the traffic registered by the login platforms of the analyzed companies. In March, that number jumped to 40%, indicating an increase in criminal activities.

The study shows that companies in the travel and leisure and retail sectors are the most affected by attacks that compromise large amounts of accounts and that, overall, 15% of all attempts to register new accounts can be attributed to bots. By using automated methods, attackers gain agility in their actions and can quickly take advantage of large data leaks — such as RockYou2021, which compromised 8.4 billion accounts in June.

Solutions must be safe and accessible

“Protecting customer identities is hampered by data protection failures across the industry. The prevalence of cracked passwords and the availability of automated attack tools make modest password a protective measure of the past,” said Duncan Godfrey, vice president of Auth0 security engineering.

The report points to the use of credentials based on technologies that go beyond traditional passwords as a solution to many of these problems. By betting on solutions such as biometrics and techniques that do not require passwords, but guarantee the authenticity of access, companies can protect themselves from relatively common threats that gain strength with the implementation of automated systems.

Other solutions identified by the report include the mandatory use of strong passwords (which mix uppercase, lowercase, special and number characters) and preventing the same key from being used in more than one service. It is also recommended to create solutions that make it easy to reset a password and minimize friction with consumers and ensuring the security of your personal information.