Protecting Digital Identity: Auth0 releases security report concerning digital identities
Auth0, the modern identity platform just announced the launch of its inaugural security report: The State of Secure Identity. This detailed report highlights key areas of concern for security professionals in charge of managing digital identities, such as the exponential rise of credential stuffing attacks (automated attempts to compromise a large number of user accounts using stolen credentials), fraudulent registrations, and the widespread use of compromised credentials.
Recent headlines and high-profile cyber attacks provide security professionals with a wide range of serious threats to be concerned about. The primary goal of cybercriminal activity is to gain access to critical resources, systems, and personal data, but systems that can be put in place to reduce the risk of such attack, like identity management, are often overlooked.
Lack of budget, resources, or attention to managing digital identities provides a prime opportunity for threat actors to exploit these gaps and carry out their attacks covertly.
Over the past year, Auth0 researched into their global customers and found some important facts and figures, including
· Credential stuffing accounted for 16.5% of attempted login traffic on its platform in the first 90 days of 2021, with a peak of more than 40% near the end of march – all of which Auth0 detected and prevented.
· The top two industries most affected by credential stuffing attacks are travel & leisure and retail.
· The number of fraudulent registrations varies by industry vertical, but bots account for roughly 15% of all attempts to register a new account.
· During the first 90 days of 2021, the Auth0 platform detected breached passwords at a rate of more than 26,600 per day, with a low of just under 7,300 and a high of more than 182,000 on Feb. 9, 2021.
On the significance of this report, VP of Security Engineering of Auth0, Duncan Godfrey said “Securing customers’ identities is made more difficult by industry-wide failures to protect data. The prevalence of breached passwords and the availability of automated attack tools makes the humble password a protective measure from the past, T he State of Secure Identity Report is designed to share our unique identity security insights and recommendations with the industry so that application builders and developers at any organization can take the steps they need to improve their overall security posture, and make things more secure for end users.”