America’s digital guardians believe Russian cyber attacks on Ukraine could spill over to US networks. Passwords are not enough to remain safe, warns the US Cybersecurity and Infrastructure Security Agency.
It is right. Most digital data crime involves password breaches. Internet users help criminals by relying on simple passwords — “1234”, for example — or repeating the same password across multiple platforms. This is known in the cyber security industry as poor cyber hygiene.
Hackers can also beat two-factor authentication using smartphones, in which a text is sent to a phone number after a password is entered. They do this by redirecting or intercepting text messages.
Twitter founder Jack Dorsey was the victim of such a scam. Cyber security start-ups such as unique-password creator LastPass offer an alternative.
Password management, part of the $12bn identity and access management sector, is already a $1.3bn business, according to Mordor Intelligence. By 2026, the consultancy expects the value of the market to rise to $3bn.
The pandemic forced many users to access corporate networks from remote hardware. Cyber attacks increased. This prompted more companies to set up accounts with third-party password managers. Last year, 1Password, which charges business users $7.99 per month, raised $100mn at a $2bn valuation — 17 times annual recurring revenue. The Canadian company says it has more than 90,000 paying business customers.
The private equity owners of LogMeIn are about to spin LastPass, one of the best-known companies in the sector, out of the Boston software group. Purchased for $110mn in 2015m, LastPass is likely to exceed unicorn status, in which a tech start-up is valued at more than $1bn. High-profile cyber crimes help its goal of increasing paid membership and reducing access to free services.
New York’s Beyond Identity, which links a user’s identity to devices, raised new funding at a valuation above $1bn this year. Microsoft’s Authenticator uses an app that generates a code. Apple’s biometric service unlocks phones with fingerprints or face scans — even for users wearing a mask.
Usernames and memorised logins are legacy tech. The future is passwordless.
Our popular newsletter for premium subscribers is published twice weekly. On Wednesday, we analyse a hot topic from a world financial centre. On Friday, we dissect the week’s big themes. Please sign up here