Ethical hacker Rachel Tobac said weak passwords remain a primary cybersecurity risk that exposes users to significant account compromise.
This vulnerability matters because traditional authentication methods are failing to keep pace with modern hacking techniques, leaving personal and financial data exposed to global threats.
Tobac, the CEO of SocialProof Security, said the reliance on simple passwords is a critical flaw in digital safety. The scale of the problem is evidenced by reports that 19 billion passwords have leaked online [1]. These leaks allow attackers to use credential stuffing and other automated methods to access multiple accounts using a single set of stolen credentials.
To combat these risks, Tobac said a shift toward more robust security practices is necessary. While some guidelines suggest a strong password is at least seven characters long [2], the increasing power of computing means that length alone is often insufficient. She said users should use unique passwords for every account to prevent a single breach from compromising a user's entire digital identity.
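Credential stuffing, as described above, leaves a distinctive trace on the defender's side: one source trying many different usernames and failing most of the time, with the occasional success marking an account whose reused password was in a leak. The following is an added detection example, not code from the article or from SocialProof Security; the log format, sample lines and thresholds are constructed for illustration.

```javascript
// Added example (not from the article): flag a credential-stuffing pattern in
// authentication logs. One source IP trying many *different* usernames and
// mostly failing is the signature of replaying leaked username/password pairs.
// The log format and every line below are constructed for this example.
const SAMPLE_LOG = [
  '2024-05-01T10:00:01Z ip=203.0.113.7 user=alice result=fail',
  '2024-05-01T10:00:02Z ip=203.0.113.7 user=bob result=fail',
  '2024-05-01T10:00:02Z ip=203.0.113.7 user=carol result=fail',
  '2024-05-01T10:00:03Z ip=203.0.113.7 user=dave result=success',
  '2024-05-01T10:00:03Z ip=203.0.113.7 user=erin result=fail',
  '2024-05-01T10:00:04Z ip=203.0.113.7 user=frank result=fail',
  // A legitimate user mistyping a password twice, then succeeding: not stuffing.
  '2024-05-01T10:05:00Z ip=198.51.100.9 user=alice result=fail',
  '2024-05-01T10:05:08Z ip=198.51.100.9 user=alice result=fail',
  '2024-05-01T10:05:15Z ip=198.51.100.9 user=alice result=success',
];

// Parse one "key=value" log line into an object; returns null for malformed lines.
function parseLine(line) {
  const m = /^(\S+) ip=(\S+) user=(\S+) result=(success|fail)$/.exec(line.trim());
  if (!m) return null;
  return { ts: m[1], ip: m[2], user: m[3], ok: m[4] === 'success' };
}

// Aggregate per source IP and flag IPs whose behaviour matches stuffing.
// The thresholds are tunable assumptions, not values from the article.
function detectCredentialStuffing(lines, opts = {}) {
  const { minAttempts = 5, minDistinctUsers = 4, minFailRatio = 0.6 } = opts;
  const perIp = new Map();
  for (const line of lines) {
    const ev = parseLine(line);
    if (!ev) continue;
    let s = perIp.get(ev.ip);
    if (!s) {
      s = { attempts: 0, failures: 0, users: new Set(), hits: new Set() };
      perIp.set(ev.ip, s);
    }
    s.attempts += 1;
    s.users.add(ev.user);
    if (ev.ok) s.hits.add(ev.user); else s.failures += 1;
  }
  const alerts = [];
  for (const [ip, s] of perIp) {
    const failRatio = s.failures / s.attempts;
    if (s.attempts >= minAttempts && s.users.size >= minDistinctUsers && failRatio >= minFailRatio) {
      alerts.push({
        ip,
        attempts: s.attempts,
        distinctUsers: s.users.size,
        failRatio: Number(failRatio.toFixed(2)),
        // Accounts that logged in successfully from a stuffing source are the
        // ones whose passwords were evidently reused: reset those first.
        compromisedUsers: [...s.hits].sort(),
      });
    }
  }
  return alerts;
}

// Usage: detectCredentialStuffing(SAMPLE_LOG) flags 203.0.113.7 (6 users, 5 of
// 6 attempts failed) and lists 'dave' for a forced reset; 198.51.100.9 is ignored.
```

The "distinct users" condition is what separates stuffing from a plain brute-force attempt on one account, and the success list is the actionable output: those users' passwords were reused somewhere that leaked, which is exactly the per-account uniqueness point made above.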
Beyond password complexity, Tobac said passkeys are a transformative technology. Passkeys replace traditional passwords with cryptographic keys stored on a user's device, which are unlocked via biometrics or a device PIN. This method removes the risk of password theft through phishing because there is no shared secret for a hacker to steal.
Security threats continue to evolve, and some specific methods remain a priority for defenders. For example, Kerberoasting attacks were expected to remain a concern through 2025 [3]. This highlights the ongoing battle between security professionals and malicious actors who target service accounts to escalate privileges within a network.
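From the defender's side, Kerberoasting shows up in the domain controller's Security log as a burst of Kerberos service ticket requests (event 4769) from a single account for many different service principals, typically with the weaker RC4 encryption type (0x17) because that is the ticket form most amenable to offline guessing. The following detector is an added example, not code from the article; the event records are constructed, the field names follow the 4769 event's data names (`TargetUserName`, `ServiceName`, `TicketEncryptionType`, `IpAddress`), and the window and threshold are assumptions to tune per environment.

```javascript
// Added example (not from the article): detect a Kerberoasting pattern in
// constructed Windows Security event 4769 records. Field names match the real
// event's data names; the values and thresholds are illustrative assumptions.
const ev = (time, TargetUserName, ServiceName, TicketEncryptionType, IpAddress) =>
  ({ time, TargetUserName, ServiceName, TicketEncryptionType, IpAddress });

const SAMPLE_4769 = [
  ev('2024-05-01T09:00:00Z', 'jsmith', 'svc-sql',    '0x17', '10.0.0.5'),
  ev('2024-05-01T09:00:01Z', 'jsmith', 'svc-web',    '0x17', '10.0.0.5'),
  ev('2024-05-01T09:00:01Z', 'jsmith', 'svc-backup', '0x17', '10.0.0.5'),
  ev('2024-05-01T09:00:02Z', 'jsmith', 'svc-print',  '0x17', '10.0.0.5'),
  ev('2024-05-01T09:00:03Z', 'jsmith', 'svc-ci',     '0x17', '10.0.0.5'),
  ev('2024-05-01T09:00:05Z', 'jsmith', 'svc-mail',   '0x17', '10.0.0.5'),
  ev('2024-05-01T09:00:06Z', 'jsmith', 'krbtgt',     '0x17', '10.0.0.5'), // not roastable
  ev('2024-05-01T09:00:07Z', 'jsmith', 'WS01$',      '0x17', '10.0.0.5'), // computer account
  ev('2024-05-01T09:10:00Z', 'admin',  'svc-sql',    '0x12', '10.0.0.9'), // AES ticket: normal
  ev('2024-05-01T09:20:00Z', 'bob',    'svc-web',    '0x17', '10.0.0.12'), // single request
];

const RC4_HMAC = '0x17';

// A ticket is worth counting only if it is RC4 and for a service account with a
// human-chosen password: skip krbtgt and computer accounts (names ending in $).
function isRoastable(e) {
  const svc = e.ServiceName.toLowerCase();
  return e.TicketEncryptionType === RC4_HMAC && svc !== 'krbtgt' && !svc.endsWith('$');
}

// Per requesting account, slide a time window over its RC4 service requests and
// report the window with the most distinct services if it reaches the threshold.
function detectKerberoasting(events, opts = {}) {
  const { windowSeconds = 300, minDistinctServices = 5 } = opts;
  const byAccount = new Map();
  for (const e of events) {
    if (!isRoastable(e)) continue;
    const t = Date.parse(e.time);
    if (Number.isNaN(t)) continue;
    if (!byAccount.has(e.TargetUserName)) byAccount.set(e.TargetUserName, []);
    byAccount.get(e.TargetUserName).push({ t, svc: e.ServiceName, ip: e.IpAddress });
  }
  const alerts = [];
  for (const [account, list] of byAccount) {
    list.sort((a, b) => a.t - b.t);
    const counts = new Map(); // service name -> occurrences inside the current window
    let lo = 0;
    let best = null;
    for (let hi = 0; hi < list.length; hi++) {
      counts.set(list[hi].svc, (counts.get(list[hi].svc) || 0) + 1);
      while (list[hi].t - list[lo].t > windowSeconds * 1000) {
        const s = list[lo].svc;
        counts.set(s, counts.get(s) - 1);
        if (counts.get(s) === 0) counts.delete(s);
        lo++;
      }
      if (counts.size >= minDistinctServices && (!best || counts.size > best.size)) {
        best = { size: counts.size, lo, hi, services: [...counts.keys()].sort() };
      }
    }
    if (best) {
      const span = list.slice(best.lo, best.hi + 1);
      alerts.push({
        account,
        distinctServices: best.size,
        services: best.services,
        sourceIps: [...new Set(span.map(x => x.ip))],
        from: new Date(list[best.lo].t).toISOString(),
        to: new Date(list[best.hi].t).toISOString(),
      });
    }
  }
  return alerts;
}

// Usage: detectKerberoasting(SAMPLE_4769) returns one alert for 'jsmith' with
// six distinct RC4 service tickets requested within five seconds.
```

The exclusions matter as much as the count: computer accounts and krbtgt have long random keys, so tickets for them are not useful for offline guessing and would only add noise. The complementary mitigation is on the account side, that is, long random passwords or group managed service accounts for anything with an SPN, and AES-only encryption so that 0x17 tickets stop being issued at all.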
Tobac said the goal of educating the public is to encourage the adoption of stronger authentication methods before a breach occurs. By moving away from easily guessable strings of text, users can significantly reduce their attack surface.
The transition from passwords to passkeys represents a fundamental shift in the identity layer of the internet. By removing the human element of creating and remembering passwords, the industry aims to eliminate the primary vector for credential-based attacks, though widespread adoption depends on user education and platform compatibility.