Overview
- Marking Thursday's World Password Day, reports say weak and reused passwords still dominate and drive most breaches, with Spain's INCIBE tying over 90% of incidents to compromised credentials.
- Security firms describe AI-made phishing and deepfakes that read like real messages and calls, boosting hit rates and allowing intrusions to sit undetected for months.
- Credential theft has become a fast retail market on Telegram, where bots sell access in seconds, from about $45 for a hacked Facebook account to more than $1,000 for verified banking logins.
- Major providers and public services are adopting passkeys that use device-bound cryptography and biometrics, paired with two-step verification to curb password theft.
- Specialists warn the risk now centers on device security and account recovery flows and advise unique passwords, trusted managers, and avoiding pasting sensitive data into AI chatbots during the transition.