digital security

Sep 05, 2024

Password: Protector or Gateway to Cybercrime?

Did you know that the root cause of phishing and social engineering attacks lies in password breaches? Here's the explanation.

Today, online fraud causes losses exceeding 77 trillion rupiah annually in Indonesia. Why is this happening?

As society becomes more connected online, the digital world opens up new opportunities, from bank loans and health insurance policies to e-commerce purchases of products that were previously inaccessible. However, these new opportunities also open up a new world for fraudsters.

Phishing, smishing, and video phishing are the three most common methods in social engineering scams. These tactics exploit psychological manipulation to trick victims into providing personal information or taking harmful actions. A study by KnowBe4 found that over 90% of phishing attacks involve social engineering tactics. In Indonesia, 99% of all phishing attacks are linked to social engineering.

Weak Passwords: The Phishing Vulnerability
The use of passwords as the primary method to protect digital accounts can actually be one of the main causes of the rise in phishing and social engineering attacks. This is due to the fundamental weakness of passwords, which can be easily guessed, stolen, or hacked by attackers. Most users tend to reuse the same password across multiple accounts or choose weak passwords, like birth dates or simple combinations.

Phishing is a type of attack where cybercriminals deceive victims into giving up sensitive information, including passwords. Phishing tactics often involve emails or messages that appear legitimate, such as from a bank or major tech company, asking victims to enter their passwords on a fake website.

According to recent data, phishing attacks have caused significant losses to many businesses and individuals worldwide, including in Indonesia. For example, Indonesia recorded more than 97,000 phishing attempts in 2023, most of which involved password theft.

In addition to being easily hacked, passwords often become a burden for users. In the end, users tend to reuse the same password across multiple accounts. This opens the door wide to cyber-attacks.

Silent Authentication to Fight Phishing
Increasingly complex digital threats like phishing and account takeover (ATO) can be combated with Silent Authentication. What is it?

Unlike traditional methods such as passwords or PINs, Silent Authentication can authenticate a user’s identity without the need for interaction like entering passwords or PINs. Users simply authenticate biometrically by taking a selfie.

So how can security be built just by using biometric authentication? Although this method appears simple from the user's perspective, the technology behind it is far more complex.

1. Device-Based Authentication
Behind the scenes, users’ devices are equipped with Public Key Infrastructure (PKI), which lets the device take part in confirming the user's identity. This way, the device can confirm that account access is granted only to the user. This approach eliminates the need for passwords or OTPs.

2. Biometric Authentication
This is the only step the user goes through. It is as simple as taking a selfie: biometric authentication matches the user’s face with the profile in the app and ensures it’s done from a registered device. Ultimately, the safest form of authentication is using one's own face. Behind this, however, VIDA incorporates advanced technology for device authentication, providing comprehensive protection for all actions related to personal data.

Silent authentication offers a solution without needing passwords that can be stolen. It also helps prevent biometric fraud by using verified biometric data, making it difficult for attackers to replicate.
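The device-based step above can be pictured as a challenge-response with a key pair held on the registered device, which is why there is no password or OTP for a phishing page to collect. The Go code below is an added example, not VIDA's implementation and not code from the original article; Ed25519, the binding of the signature to the service's origin, the `Server` type and the `.example` domains are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

type Server struct {
	origin   string            // this service's own origin (constructed value)
	enrolled ed25519.PublicKey // public key registered for the user's device
	pending  map[string]bool   // challenges issued and not yet used
}

// NewChallenge issues a random, single-use nonce for the device to sign.
func (s *Server) NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	s.pending[string(c)] = true
	return c
}

// DeviceSign runs on the device: it signs the challenge bound to the origin it is talking to.
func DeviceSign(priv ed25519.PrivateKey, origin string, challenge []byte) []byte {
	return ed25519.Sign(priv, append([]byte(origin+"\x00"), challenge...))
}

// Verify accepts only an outstanding challenge signed for this origin by the enrolled key.
func (s *Server) Verify(challenge, sig []byte) bool {
	issued := s.pending[string(challenge)]
	delete(s.pending, string(challenge)) // consume it, so a captured response cannot be replayed
	return issued && ed25519.Verify(s.enrolled, append([]byte(s.origin+"\x00"), challenge...), sig)
}

// Demo: a genuine login, a replay of it, and a response signed for a look-alike origin.
func Demo() (genuine, replay, phished bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	srv := &Server{origin: "https://bank.example", enrolled: pub, pending: map[string]bool{}}
	c1, c2 := srv.NewChallenge(), srv.NewChallenge()
	sig := DeviceSign(priv, srv.origin, c1)
	genuine, replay = srv.Verify(c1, sig), srv.Verify(c1, sig) // second call resends the same response
	return genuine, replay, srv.Verify(c2, DeviceSign(priv, "https://bank-login.example", c2))
}

func main() { fmt.Println(Demo()) }
```

Only the genuine response verifies: the private key never leaves the device, each challenge is consumed on first use, and a signature produced for a different origin does not match what the real service checks.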

By implementing silent authentication, businesses and users can significantly enhance their digital security without sacrificing convenience.


VIDA - Verified Identity for All. VIDA provides a trusted digital identity platform.
