(VOVWORLD) - Verizon, a multinational telecommunications conglomerate, says passwords are the cause of more than 80% of data breaches and data theft. In Vietnam, millions of user passwords have been exposed because they are simple and easy to guess. In 2021, more than 800 phishing websites impersonated banks to obtain login information and steal money from users' bank accounts. Passwordless authentication will close this security loophole.
This week’s Digital life will analyze data security risks posed by passwords. This is part 1 of our story about how
passwordless authentication is making in roads in Vietnam.
 The “Vietnam Goes Passwordless Roundtable” is held on July 13, 2022 to mark Vietnam’s first steps in the application and development of strong passwordless authentication technology complying with international standards. (Photo: vneconomy.vn)
|
Password authentication has been used since 1960s but it has lots of problems. Nguyen Thanh Phuc, Director of the Department of Information Security of the Ministry of Information and Communications, said, “Password authentication has been revealing its weaknesses, especially with computing technology doubling its capacity every year.”
Phuc noted that at this rate, plus the new quantum computing technology, password authentication soon won’t make sense.
“All passwords will be broken by technology. This is a trend. And with the increase in the number of digital platforms, a user may have dozens of passwords, which makes them hard to remember. That’s why 3.4 million Vietnamese users use simple passwords such as 123456. It’s time to change to a new way of authentication,” said Phuc.
The Gartner Technology Research&Advisory Firm predicts that in just 10 years quantum computers will be powerful enough to crack any password used to protect cell phones, bank accounts, email addresses, and digital Bitcoin wallets.
Colonel Tran Duc Su, Director of the Center for Information Technology and Cyber Security Monitoring of the Vietnam Government Information Security Commission, said, “Most cyber attacks aim to steal passwords. There are multiple types of attacks, using different tricks to get usernames and passwords.”
More importantly, Su said, “Hackers can access the information of an entire organization through one user whose password is simple and easily guessed."
According to the Department of Information Security of the Ministry of Information and Communications, passwordless authentication is quite new in Vietnam and has not yet been widely deployed. This makes Vietnam one of the countries most vulnerable to cyberattacks.
In 2021, more than 3,300 websites in Vietnam were hacked and had to change their interface. 700,000 IP addresses are found in botnets each month. A botnet is a collection of connected devices, often within an IoT network, that become infected and controlled by malware to benefit cybercriminals.
Kaspersky, a cyber security solutions company, reported in the first quarter of this year that Vietnam was targeted in an attack campaign that used malware called Emotel to steal data.
Tran Dinh Khiem, Head of Techcombank’s Digital Platforms & Services Digital Banking, said it’s time for information security to be based on more than just passwords and usernames.
“All authentication methods are based on one of three factors. The first is knowledge-based - something like a password or PIN code that only the user would know. The second is property-based – like an access card, key, key fob, or other physical device. The third is biology-based – like your face, your iris, or your fingerprints. Any solution designed to authenticate the user must be based on one or more of these three factors,” Khiem explained.
Verizon, Microsoft, and multiple cybersecurity firms agree that the frequency of phishing attacks and identity theft has doubled over the past 12 months.
Vietnam has reacted by beginning to switch to authentication without passwords.
 VINCSS FIDO2 passwordless strong authentication system
|
In July, VINCSS (Cybersecurity Services of Vingroup) officially launched the VINCSS FIDO2 passwordless strong authentication system, the first in Vietnam and Southeast Asia, said Nguyen Phi Kha, the VINCSS R&D Director.
He explained, “Because our passwords are stored on the servers of online service providers, we have to completely depend on them. If a password is deliberately leaked or isn’t adequately encrypted, hackers can obtain all the user’s information – where they work and how many accounts they have. They can use this information to attack the employer.”
The question is how can the hackers do this? “Their task is made easier by similarities between platforms and the fact that users often re-use passwords. Individuals are attacked, but it can have a huge impact on entire businesses,” said Kha.
 Nguyen Huy Dung, Deputy Minister of Information and Communications, speaks at the roundtable. (Photo: vneconomy.vn)
|
Deputy Minister of Information and Communications Nguyen Huy Dung said, “The VINCSS passwordless authentication system shows that a Vietnamese enterprise can research, develop and create products and services that meet the highest international security standards.”
“As the system deals with the authentication of users, the step is particularly important because the authentication is the first move for users to interact to use digital services,” said Dung.
Outro: That was part 1 of our story about how passwordless authentication is making in roads in Vietnam. Next week's edition will explain passwordless authentication and how it works.