538 Views
Company-wide password resets, and even individual password resets need to be extinct like the dinosaurs they are. Unfortunately Ubisoft, who have forced a company wide password reset following a data breach, is in very good company. More than 80% of data breaches are the direct result of passwords.
Adversaries use compromised passwords in the first phase of their attack, and live off the land by harvesting additional passwords as they move laterally to new juicy targets within the network.
This is a 100% fixable problem now. The technology exists today to remove passwords altogether and replace them with much stronger, unphishable alternatives.