
Sep 05, 2024

Password: Protector or Gateway to Cybercrime?

Did you know that the root cause of phishing and social engineering attacks lies in password breaches? Here's the explanation.

Today, online fraud causes losses exceeding 77 trillion rupiah annually in Indonesia. Why is this happening?

As society becomes more connected online, the digital world opens up new opportunities, from bank loans and health insurance policies to purchases on e-commerce platforms of products that were previously inaccessible. However, these new opportunities also open up a new world for fraudsters.

Phishing, smishing, and video phishing are the three most common methods in social engineering scams. These tactics exploit psychological manipulation to trick victims into providing personal information or taking harmful actions. A study by KnowBe4 found that over 90% of phishing attacks involve social engineering tactics. In Indonesia, 99% of all phishing attacks are linked to social engineering.

Weak Passwords: The Phishing Vulnerability
The use of passwords as the primary method to protect digital accounts can actually be one of the main causes of the rise in phishing and social engineering attacks. This is due to the fundamental weakness of passwords, which can be easily guessed, stolen, or hacked by attackers. Most users tend to reuse the same password across multiple accounts or choose weak passwords, like birth dates or simple combinations.

Phishing is a type of attack where cybercriminals deceive victims into giving up sensitive information, including passwords. Phishing tactics often involve emails or messages that appear legitimate, such as from a bank or major tech company, asking victims to enter their passwords on a fake website.

According to recent data, phishing attacks have caused significant losses to many businesses and individuals worldwide, including in Indonesia. For example, Indonesia recorded more than 97,000 phishing attempts in 2023, most of which involved password theft.

In addition to being easily hacked, passwords often become a burden for users. In the end, users tend to reuse the same password across multiple accounts. This opens the door wide to cyber-attacks.

Silent Authentication to Fight Phishing
Increasingly complex digital threats like phishing and account takeover (ATO) can be combated with Silent Authentication. What is it?

Unlike traditional methods such as passwords or PINs, Silent Authentication can authenticate a user’s identity without the need for interaction like entering passwords or PINs. Users simply authenticate biometrically by taking a selfie.

So how can security be built just by using biometric authentication? Although this method appears simple from the user's perspective, the technology behind it is far more complex.

1. Device-Based Authentication
In reality, users’ devices are equipped with Public Key Infrastructure (PKI) that ensures the device can play a role in confirming the user's identity. This way, the device can confirm that account access is only granted to the user. This approach eliminates the need for passwords or OTPs.

2. Biometric Authentication
This is the only process the user undergoes. As simple as taking a selfie, biometric authentication matches the user’s face with the profile in the app and ensures the check is done from a registered device. Ultimately, the safest form of authentication is using one's own face. However, behind this, VIDA incorporates advanced technology for device authentication, providing comprehensive protection for all actions related to personal data.

Silent authentication removes the need for passwords that can be stolen. It also helps prevent biometric fraud by using verified biometric data, making it difficult for attackers to replicate.

By implementing silent authentication, businesses and users can significantly enhance their digital security without sacrificing convenience.

 
