The Credential Crisis: How Stolen Credentials Defeat Modern Security
Briefly

Credentials authenticate identity in cyber systems, extending the idea of proving "I am Socrates" from physical letters of introduction to virtual trust. They cover human identities (passwords, passkeys, biometrics, and soft and hardware tokens) and non-human identities (APIs, SSH keys, X.509 certificates, service accounts, and session tokens and keys). Session tokens in particular exist in large numbers and are a prime target for infostealers. Credential compromise is the moment the legitimate user loses exclusive control of a credential, which happens before any misuse occurs. Because a compromised credential is automatically trusted as the legitimate user once presented, both preventing compromise and surviving it are difficult in practice.
"In today's cyber world, we call that paper 'credentials'. It is no longer physical, but virtual, and the meaning has expanded to 'you can trust in the belief that I am who I say I am and you can treat me as such: I am Socrates.' Socrates is the identity, and the credentials prove it."
"In cyber today, credentials are largely categorized in two major groups: those for human identities, and those for machine and non-human identities. Human identity credentials can include passwords, passkeys, biometrics, soft and hardware tokens, and more. Non-human identities can include APIs, SSH keys, X.509 certificates, service accounts, session tokens and keys, and more."
"It is worth remembering there are two stages: the theft of credentials is 'credential compromise', while a consequent breach is by 'compromised credentials'. 'Compromise does not necessarily mean the credentials have already been used. It means they are no longer exclusively controlled by the legitimate user,' explains Ran Geva, CEO and co-founder at Webz.io."
"But they could be used. And by the nature of what they are, if used, they are automatically trusted as the legitimate user. "The defining trait," adds Erin Meyers, identity expert at Huntress, "is that the atta"
Read at SecurityWeek