LETTERS: Aug 1 is World Wide Web Day, where we celebrate the Internet and the wealth of benefits it has brought to our lives.
However, we must also strive to keep the Internet safe and secure so that we may continue to reap value from it for years to come.
Many websites still rely on passwords for authentication.
Knowledge-based credentials, such as passwords, are human-readable and can be hacked, stolen and manipulated by cybercriminals through phishing, credential stuffing or brute force.
Users' poor cybersecurity practices exacerbate this issue.
A study by Princeton University in the United States showed that 75 per cent of the world's most popular English-language websites allow people to choose the most common passwords, such as "abc123456" and "P@$$w0rd".
For an added layer of security, many organisations have adopted multi-factor authentication, such as SMS one-time password (OTP).
While this is better than passwords alone, OTPs share a common trait with passwords: they are knowledge-based "secrets" that can be pried out of users' hands by enterprising hackers.
For example, techniques like SIM swapping allow hackers to get the SMS OTP sent to their phones instead of the intended recipients.
Hence, as the Internet grows more sophisticated, so must its authentication methods to address online threats.
Cryptographically secure, possession-based authentication needs to be the preferred path forward, including on-device biometrics or physical security keys that are resistant to remote attacks.
That's why some industry bodies have standardised such authentication technologies over the past few years, resulting in support for these authentication solutions in virtually every leading web browser, device and operating system.
The aim is to continue to guard the World Wide Web against threats and keep it secure.
ANDREW SHIKIAR
Executive director,
FIDO Alliance
The views expressed in this article are the author's own and do not necessarily reflect those of the New Straits Times