The Evolving Landscape of Digital Credentials: A Comprehensive Analysis of Threats, Countermeasures, and Future Trends

Abstract

Digital credentials, encompassing usernames, passwords, digital certificates, and other authentication factors, have become the linchpin of online security. Their compromise consistently ranks as a leading attack vector, enabling a wide range of malicious activities, from data breaches and ransomware deployment to account takeover and financial fraud. This research report provides a comprehensive analysis of the evolving landscape surrounding digital credentials, going beyond the well-trodden path of simply identifying “stolen credentials” as the problem. We delve into the intricacies of credential harvesting techniques, explore the complex lifecycle of stolen credentials within the dark web ecosystem, evaluate the effectiveness of existing credential stuffing prevention strategies, and critically assess emerging technologies for credential management and protection, including passwordless authentication and advanced biometric verification. Furthermore, we analyze the economics driving the stolen credential market, examining the supply chain, pricing models, and the motivations of both buyers and sellers. Finally, we look forward, considering emerging threats such as AI-driven attacks and the rise of decentralized identity, and evaluating the efficacy of proposed solutions in this ever-shifting environment.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

1. Introduction

The digital realm’s reliance on credentials for authentication and access control has inadvertently created a significant vulnerability. While sophisticated intrusion detection systems and advanced malware analysis techniques are deployed to defend against direct attacks, the compromise of a single valid credential can often bypass these layers of security, providing attackers with a seemingly legitimate foothold within a target organization. This report moves beyond the simple acknowledgement of “stolen credentials” as a primary threat vector and seeks to offer a deeper understanding of the entire lifecycle of digital credentials, from their initial creation and use to their potential compromise, sale, and subsequent exploitation.

We contend that a holistic approach, encompassing not only technological solutions but also a thorough understanding of the economic and behavioral factors at play, is crucial for effectively mitigating the risks associated with credential-based attacks. This report aims to provide security professionals, researchers, and policymakers with the information and insights necessary to develop and implement robust strategies for credential management and protection in an increasingly complex threat landscape. A comprehensive understanding of the intricacies of credential management is crucial in the current security environment. We will not only explore known vulnerabilities, but also new attack vectors and corresponding countermeasures, including emerging technologies like passwordless authentication and decentralized identifiers.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

2. Credential Harvesting Techniques: A Deep Dive

Credential harvesting is the initial stage in the majority of credential-based attacks. Attackers employ a diverse range of techniques to acquire valid credentials, each with varying degrees of sophistication and effectiveness. This section examines several prominent methods, providing a detailed analysis of their underlying mechanisms and common deployment strategies.

• Phishing: Phishing remains one of the most prevalent and successful credential harvesting techniques. Attackers craft deceptive emails, messages, or websites that mimic legitimate sources, tricking users into divulging their usernames and passwords. Sophisticated phishing campaigns often leverage social engineering principles, exploiting users’ trust, fear, or sense of urgency to increase their likelihood of success. The rise of spear-phishing, which targets specific individuals or organizations with highly personalized messages, further enhances the effectiveness of these attacks. Furthermore, modern phishing techniques often incorporate multi-factor authentication (MFA) bypass methods, such as real-time proxying of authentication requests, effectively rendering MFA useless against the attacker. The continuing success of phishing highlights the persistent challenge of user education and the need for more robust technological safeguards.

• Malware and Keyloggers: Malware, including keyloggers and information stealers, represents another significant threat to credential security. Once installed on a victim’s machine, these malicious programs can silently capture keystrokes, system information, and stored credentials. Keyloggers record every keystroke made by the user, allowing attackers to capture usernames, passwords, and other sensitive data. Information stealers, on the other hand, specifically target stored credentials in web browsers, password managers, and other applications. Modern malware often employs advanced techniques, such as rootkit technology and anti-analysis mechanisms, to evade detection and persist on infected systems for extended periods. Furthermore, with the proliferation of Ransomware-as-a-Service (RaaS), many ransomware groups have begun to exfiltrate data before encrypting the system, allowing them to demand a second ransom for the data’s safe return. This stolen data often includes credentials that can be used for further attacks.

• Credential Stuffing and Brute-Force Attacks: Credential stuffing involves using lists of previously compromised usernames and passwords to attempt to gain access to other online accounts. Attackers exploit the common practice of password reuse, where users employ the same username and password combination across multiple websites and services. Brute-force attacks, on the other hand, involve systematically trying different username and password combinations until a valid credential is found. While brute-force attacks are generally less effective than credential stuffing due to rate limiting and account lockout mechanisms, they can still be successful against poorly secured websites or systems with weak password policies.

• Compromised Databases and Data Breaches: Large-scale data breaches, where the databases of websites and online services are compromised, represent a significant source of stolen credentials. Attackers exploit vulnerabilities in web applications, databases, or network infrastructure to gain unauthorized access to sensitive data, including usernames, passwords, and other personal information. These stolen credentials are then often sold on the dark web or used in credential stuffing attacks. The impact of a single data breach can be far-reaching, affecting millions of users and potentially leading to widespread account compromise. Notably, the storage of passwords in plaintext or poorly hashed formats greatly exacerbates the impact of these breaches.

• Supply Chain Attacks: Increasingly, attackers are targeting organizations’ supply chains to gain access to sensitive data, including credentials. By compromising a third-party vendor or service provider, attackers can gain access to the target organization’s network and systems, bypassing traditional security defenses. Supply chain attacks are particularly challenging to defend against due to their complexity and the difficulty in monitoring the security posture of external partners. The SolarWinds attack is a prime example of how devastating a supply chain attack can be, highlighting the need for enhanced supply chain risk management and security auditing practices.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

3. The Lifecycle of Stolen Credentials on the Dark Web

The dark web serves as a thriving marketplace for stolen credentials, facilitating their sale, distribution, and subsequent exploitation. Understanding the lifecycle of these credentials within this ecosystem is crucial for developing effective countermeasures. This section examines the key stages in this lifecycle, from the initial acquisition of stolen credentials to their eventual use in malicious activities.

• Initial Acquisition and Consolidation: Stolen credentials are typically acquired through the harvesting techniques described in the previous section. These credentials are then consolidated into large databases, often categorized by website, service, or geographic region. This consolidation process is typically performed by automated tools that scrape data from compromised websites and online forums. The value of these databases depends on the quality and quantity of the credentials they contain, as well as the recency of their acquisition.

• Validation and Verification: Before being offered for sale, stolen credentials are often validated and verified to ensure their accuracy and usability. This process involves using automated tools to test the credentials against the targeted websites or services. Credentials that are found to be valid are then marked as such and typically command a higher price on the dark web marketplace. This validation step often involves bypassing rate limiting or CAPTCHA challenges.

• Sale and Distribution: Validated credentials are then offered for sale on dark web marketplaces, typically in the form of large databases or individual accounts. These marketplaces operate much like traditional e-commerce platforms, with vendors offering various types of credentials at different prices. Buyers can search for specific credentials based on criteria such as website, service, geographic region, or account type. The price of stolen credentials varies depending on factors such as their validity, the value of the targeted accounts, and the demand for specific types of credentials. In addition, credentials from accounts with higher privileges tend to be sold for higher prices.

• Exploitation and Monetization: Once purchased, stolen credentials are used to gain unauthorized access to online accounts and systems. This access can then be used for a variety of malicious purposes, including financial fraud, identity theft, data exfiltration, and ransomware deployment. Attackers may use the stolen credentials to directly access the targeted accounts or to further compromise the systems and networks to which those accounts have access. The monetization strategies employed depend on the nature of the targeted accounts and the attacker’s objectives. For example, compromised bank accounts may be used to transfer funds to fraudulent accounts, while compromised social media accounts may be used to spread malware or disinformation. In addition, they can be used to perform Business Email Compromise (BEC) attacks, which are often very lucrative.

• Disposal and Recycling: After being used for malicious purposes, stolen credentials may be discarded or recycled. Discarded credentials are simply abandoned, while recycled credentials may be resold or used in subsequent attacks. The decision to discard or recycle stolen credentials depends on factors such as their remaining value, the risk of detection, and the attacker’s overall strategy. For example, credentials that have been used in multiple attacks may be considered less valuable due to the increased risk of detection, while credentials that have been used in successful attacks may be recycled for future use. The lifespan of credentials on the dark web is highly variable, some being used within hours and others remaining for years. Some of the reasons credentials can be long-lived is that users may use the same password for years, even if it has been part of a breach, and secondly, there is a huge volume of credentials available for sale on the dark web, meaning that there is intense competition between attackers to use the credentials before their competitors.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

4. Strategies for Credential Stuffing Prevention

Credential stuffing attacks, as previously discussed, represent a significant threat to online accounts and systems. Preventing these attacks requires a multi-layered approach that combines technological safeguards with user education and awareness. This section examines several effective strategies for mitigating the risk of credential stuffing.

• Rate Limiting: Implementing rate limiting mechanisms is crucial for preventing credential stuffing attacks. Rate limiting involves restricting the number of login attempts that can be made from a specific IP address or user account within a given timeframe. By limiting the number of login attempts, rate limiting makes it more difficult for attackers to systematically try different username and password combinations. However, attackers can circumvent basic rate limiting by using proxy servers or distributed botnets to mask their IP addresses. Therefore, it is important to implement more sophisticated rate limiting techniques, such as behavioral analysis and device fingerprinting, to identify and block suspicious login activity. Furthermore, the choice of the rate limit needs to be carefully made so that it is not too strict (causing legitimate users to be blocked) or too lenient (allowing attackers to easily bypass it).

• Account Lockout Mechanisms: Account lockout mechanisms can also be effective in preventing credential stuffing attacks. Account lockout involves temporarily or permanently disabling an account after a certain number of failed login attempts. By locking out accounts after repeated failed login attempts, account lockout makes it more difficult for attackers to gain unauthorized access. However, account lockout mechanisms can also be abused by attackers to perform denial-of-service attacks, locking out legitimate users from their accounts. Therefore, it is important to implement account lockout mechanisms carefully, taking into account the potential for abuse. The number of failed attempts before lockout and the duration of the lockout are critical parameters. Account lockout also needs to be combined with CAPTCHAs to be effective.

• CAPTCHAs and Challenge-Response Tests: CAPTCHAs and other challenge-response tests can help distinguish between legitimate users and automated bots, making it more difficult for attackers to perform credential stuffing attacks. CAPTCHAs require users to solve a visual or auditory puzzle, proving that they are human and not a bot. Challenge-response tests involve presenting users with a question or task that is difficult for bots to answer or perform. However, CAPTCHAs can be frustrating for legitimate users and may not be effective against sophisticated bots that can solve them using advanced image recognition techniques. Similarly, challenge-response tests can be bypassed by attackers using crowdsourcing or machine learning. Therefore, it is important to use CAPTCHAs and challenge-response tests in conjunction with other security measures to effectively prevent credential stuffing attacks. There has been a movement away from traditional CAPTCHAs towards less intrusive, invisible CAPTCHAs that analyze user behavior to determine whether they are human or a bot.

• Password Complexity Policies and Enforcement: Enforcing strong password complexity policies is crucial for preventing credential stuffing attacks. Password complexity policies require users to create passwords that meet certain criteria, such as minimum length, inclusion of uppercase and lowercase letters, numbers, and symbols. By enforcing strong password complexity policies, organizations can make it more difficult for attackers to guess or crack passwords. However, overly complex password policies can also lead to user frustration and password reuse, making it easier for attackers to compromise accounts. Therefore, it is important to strike a balance between password complexity and usability. In addition, password complexity policies should be regularly reviewed and updated to reflect the evolving threat landscape. It is now recommended to enforce a minimum password length rather than strict complexity requirements (such as requiring at least one special character). In the case that an organisation does choose to use password complexity, it’s important to monitor common password substitutions, such as replacing ‘a’ with ‘@’.

• Multi-Factor Authentication (MFA): Implementing multi-factor authentication (MFA) is one of the most effective ways to prevent credential stuffing attacks. MFA requires users to provide two or more authentication factors to verify their identity, such as a password and a one-time code sent to their mobile phone. By requiring multiple authentication factors, MFA makes it significantly more difficult for attackers to gain unauthorized access, even if they have stolen a user’s password. However, MFA is not foolproof and can be bypassed by sophisticated attackers using techniques such as SIM swapping, phishing, and malware. Therefore, it is important to implement MFA carefully and to educate users about the risks of MFA bypass attacks. A recent trend is the adoption of phishing-resistant MFA methods, such as FIDO2, which makes it significantly harder for attackers to phish the second factor. The implementation of MFA should also be based on risk, for instance, administrator accounts are more likely to be compromised than other standard accounts, and therefore should have more robust protections.

• Compromised Credential Monitoring: Monitoring for compromised credentials is a proactive approach to preventing credential stuffing attacks. Organizations can use services that track publicly available lists of compromised credentials and alert users if their credentials have been found in a data breach. By proactively identifying and addressing compromised credentials, organizations can reduce the risk of credential stuffing attacks. However, these services are not always comprehensive and may not detect all compromised credentials. Therefore, it is important to use compromised credential monitoring in conjunction with other security measures. Services such as HaveIBeenPwned are valuable resources in this area.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

5. Technologies for Credential Management and Protection

Effective credential management and protection require a combination of technological solutions and organizational policies. This section examines several key technologies that can help organizations mitigate the risks associated with credential-based attacks.

• Password Managers: Password managers can help users create and store strong, unique passwords for each of their online accounts. Password managers automatically generate complex passwords and securely store them, making it easier for users to manage their credentials and avoid password reuse. Password managers also typically offer features such as password autofill and password synchronization across multiple devices. By encouraging the use of strong, unique passwords, password managers can significantly reduce the risk of credential stuffing attacks. Password managers can be either locally installed software or cloud-based services. Each type has its own advantages and disadvantages in terms of security and usability. In addition to standard password managers, there is a newer development towards passkeys, which involve storing a private cryptographic key on a users device and using biometrics to unlock it, this makes the process of logging in much more secure and usable.

• Passwordless Authentication: Passwordless authentication eliminates the need for passwords altogether, replacing them with alternative authentication methods such as biometrics, one-time codes, or security keys. Passwordless authentication can significantly improve security by eliminating the risk of password-based attacks such as phishing, credential stuffing, and brute-force attacks. Several passwordless authentication methods are available, including biometric authentication (fingerprint scanning, facial recognition), one-time codes sent to email or mobile phone, and security keys (FIDO2). Each method has its own advantages and disadvantages in terms of security, usability, and cost. The emergence of WebAuthn and FIDO2 standards has been crucial in driving the adoption of passwordless authentication. Passwordless methods also often improve the user experience and increase the conversion rate of visitors to online services.

• Biometric Verification: Biometric verification uses unique biological characteristics to verify a user’s identity, such as fingerprint scanning, facial recognition, or voice recognition. Biometric verification can provide a strong and convenient alternative to passwords, making it more difficult for attackers to impersonate legitimate users. However, biometric verification is not foolproof and can be bypassed by sophisticated attackers using techniques such as spoofing and presentation attacks. Therefore, it is important to implement biometric verification carefully, using advanced liveness detection techniques to prevent spoofing and presentation attacks. Biometric data also raises privacy concerns, as it is highly sensitive and difficult to change. Secure storage and processing of biometric data are essential for maintaining user trust. Some biometric solutions can be integrated with password managers or multi-factor authentication systems to provide an extra layer of security.

• Centralized Credential Management Systems: Centralized credential management systems provide a centralized platform for managing and controlling access to sensitive resources. These systems allow organizations to enforce strong password policies, manage user identities, and track user activity. Centralized credential management systems also typically offer features such as role-based access control (RBAC) and privileged access management (PAM), which help to restrict access to sensitive resources based on user roles and responsibilities. By centralizing credential management, organizations can improve security, reduce administrative overhead, and simplify compliance efforts. Examples of such systems include Active Directory, Azure Active Directory, and Okta. However, it is important to properly secure these systems, as a compromise of the centralized credential management system can have catastrophic consequences.

• Behavioral Biometrics: Behavioral biometrics analyzes a user’s behavior patterns, such as typing speed, mouse movements, and navigation habits, to verify their identity. Behavioral biometrics can provide an additional layer of security, particularly in situations where traditional authentication methods are compromised or bypassed. By monitoring user behavior, behavioral biometrics can detect anomalies that may indicate fraudulent activity or unauthorized access. Behavioral biometrics is typically used in conjunction with other authentication methods, such as passwords or multi-factor authentication. However, behavioral biometrics can also raise privacy concerns, as it involves the collection and analysis of personal data. Transparency and user consent are essential for ensuring the ethical and responsible use of behavioral biometrics.

• Decentralized Identity Solutions: Decentralized identity solutions aim to give users greater control over their digital identities and credentials. These solutions typically use blockchain technology or other distributed ledger technologies to store and manage user identities and credentials in a decentralized manner. By decentralizing identity management, users can reduce their reliance on centralized identity providers and improve their privacy and security. Decentralized identity solutions are still in their early stages of development, but they have the potential to revolutionize the way we manage and protect our digital identities. Examples include self-sovereign identity (SSI) and verifiable credentials. One potential advantage of these decentralised solutions is that they may make it harder for companies to use the personal data of users.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

6. The Economics of the Stolen Credential Market

The market for stolen credentials is a complex and dynamic ecosystem driven by economic incentives. Understanding the economics of this market is crucial for developing effective strategies to disrupt it. This section analyzes the supply and demand factors that influence the price and availability of stolen credentials, as well as the motivations of both buyers and sellers.

• Supply Factors: The supply of stolen credentials is determined by the effectiveness of credential harvesting techniques and the frequency of data breaches. Factors that increase the supply of stolen credentials include the prevalence of phishing attacks, the sophistication of malware, and the vulnerability of web applications and databases. Large-scale data breaches can flood the market with stolen credentials, driving down prices and increasing the risk of account compromise. Conversely, improvements in security defenses and user awareness can reduce the supply of stolen credentials, making them more valuable and difficult to obtain.

• Demand Factors: The demand for stolen credentials is driven by the potential for financial gain and other malicious activities. Factors that increase the demand for stolen credentials include the profitability of financial fraud, the value of sensitive data, and the prevalence of account takeover attacks. Attackers may use stolen credentials to access bank accounts, steal personal information, or compromise corporate networks. The demand for specific types of credentials varies depending on the attacker’s objectives. For example, credentials for high-value accounts, such as administrator accounts or financial accounts, typically command a higher price on the dark web marketplace.

• Pricing Models: The price of stolen credentials varies depending on several factors, including their validity, the value of the targeted accounts, and the demand for specific types of credentials. Validated credentials, which have been verified to be working, typically command a higher price than unvalidated credentials. Credentials for high-value accounts, such as administrator accounts or financial accounts, also command a higher price. The price of stolen credentials can also fluctuate based on market conditions, such as the frequency of data breaches and the availability of specific types of credentials. The pricing models used on dark web marketplaces are often complex and opaque, making it difficult to track the true cost of stolen credentials. However, research indicates that the price of individual credentials can range from a few dollars to several hundred dollars, depending on their value and scarcity. Some vendors also offer subscription-based access to databases of stolen credentials, providing ongoing access to updated information.

• Motivations of Buyers and Sellers: The buyers of stolen credentials are typically cybercriminals who are looking to profit from financial fraud, identity theft, or other malicious activities. These buyers may be individuals or organized crime groups. They are motivated by the potential for financial gain and the ability to operate anonymously. The sellers of stolen credentials are typically hackers or data brokers who have obtained the credentials through illegal means. These sellers may be individuals or organized crime groups. They are motivated by the potential for financial gain and the ability to profit from stolen data. Some sellers may also be motivated by ideological or political reasons, such as hacktivism or cyber espionage.

• Disrupting the Market: Disrupting the market for stolen credentials requires a multi-pronged approach that targets both the supply and demand sides of the market. On the supply side, organizations need to invest in stronger security defenses to prevent data breaches and credential harvesting attacks. On the demand side, law enforcement agencies need to investigate and prosecute cybercriminals who buy and use stolen credentials. In addition, public awareness campaigns can educate users about the risks of password reuse and the importance of using strong, unique passwords. By reducing the supply of stolen credentials and the demand for them, we can make it more difficult for cybercriminals to profit from their illegal activities. Cooperation between law enforcement agencies, cybersecurity companies, and government organizations is essential for effectively disrupting the market for stolen credentials.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

7. Emerging Threats and Future Trends

The landscape of digital credentials is constantly evolving, with new threats and technologies emerging on a regular basis. This section examines some of the key emerging threats and future trends that are likely to shape the future of credential management and protection.

• AI-Driven Attacks: Artificial intelligence (AI) is increasingly being used by attackers to automate and enhance their credential harvesting and credential stuffing attacks. AI-powered phishing campaigns can generate highly realistic and personalized emails that are difficult to detect. AI-powered bots can bypass CAPTCHAs and other challenge-response tests, making it easier to perform credential stuffing attacks. AI can also be used to analyze large datasets of stolen credentials to identify patterns and relationships that can be used to crack passwords or bypass security defenses. The development of AI-powered attack tools poses a significant challenge to traditional security defenses and requires the development of new AI-powered security solutions. One of the potential countermeasures to AI-based attacks is to use adversarial machine learning to train systems to detect AI attacks.

• The Rise of Decentralized Identity: As previously discussed, decentralized identity solutions have the potential to revolutionize the way we manage and protect our digital identities. Decentralized identity solutions give users greater control over their personal data and credentials, reducing their reliance on centralized identity providers. This can improve privacy, security, and trust. However, decentralized identity solutions also pose new challenges, such as the need for interoperability and standardization. The development of widely adopted decentralized identity standards is essential for the widespread adoption of these solutions.

• Quantum Computing: Quantum computing poses a long-term threat to traditional cryptographic algorithms, including those used to protect passwords and other sensitive data. Quantum computers have the potential to break many of the cryptographic algorithms that are currently used to secure our online communications and transactions. The development of quantum-resistant cryptographic algorithms is essential for ensuring the long-term security of our digital credentials. The National Institute of Standards and Technology (NIST) is currently working to develop and standardize quantum-resistant cryptographic algorithms.

• The Metaverse: The metaverse, a persistent, shared virtual world, is creating new challenges for credential management and protection. Users will need to manage their identities and credentials across multiple virtual environments and platforms. The interoperability of credentials across different metaverse platforms will be crucial for ensuring a seamless user experience. The security and privacy of user data in the metaverse will also be a major concern. New authentication methods and access control mechanisms will be needed to protect user identities and data in the metaverse. The creation of decentralized identity systems may be particularly relevant in the Metaverse.

• API Security: With the increasing reliance on APIs (Application Programming Interfaces) for data exchange and application integration, securing APIs is critical for protecting credentials. Weakly secured APIs can be exploited by attackers to gain access to sensitive data, including credentials. API security best practices include implementing strong authentication and authorization mechanisms, rate limiting, and input validation. API gateways can provide a centralized point of control for securing APIs and managing traffic. Regular security audits and penetration testing are essential for identifying and addressing vulnerabilities in APIs.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

8. Conclusion

Digital credentials remain a critical vulnerability in the modern cybersecurity landscape. While stolen credentials have been identified as a primary attack vector, a deeper understanding of the intricacies of credential harvesting techniques, the lifecycle of stolen credentials on the dark web, and the economics of the stolen credential market is essential for developing effective countermeasures. Strategies for credential stuffing prevention, such as rate limiting, account lockout mechanisms, CAPTCHAs, password complexity policies, and multi-factor authentication, are crucial for mitigating the risk of account compromise. Emerging technologies for credential management and protection, including password managers, passwordless authentication, biometric verification, centralized credential management systems, behavioral biometrics, and decentralized identity solutions, offer promising avenues for enhancing security and improving user experience. Furthermore, ongoing vigilance is crucial to adapt to emerging threats such as AI-driven attacks and the challenges presented by the metaverse. By adopting a holistic and proactive approach to credential management and protection, organizations can significantly reduce their risk of falling victim to credential-based attacks and maintain the trust of their users.

Many thanks to our sponsor Esdebe who helped us prepare this research report.

References

• OWASP. (n.d.). OWASP Top Ten. Retrieved from https://owasp.org/www-project-top-ten/
• Krebs, B. (2021). Spam Nation: The Inside Story of Organized Cybercrime–From Global Epidemic to Your Front Door. Sourcebooks.
• Verizon. (2023). 2023 Data Breach Investigations Report. Retrieved from https://www.verizon.com/business/resources/reports/dbir/
• NIST. (n.d.). National Institute of Standards and Technology. Retrieved from https://www.nist.gov/
• Have I Been Pwned?. (n.d.). Retrieved from https://haveibeenpwned.com/
• FIDO Alliance. (n.d.). Fast Identity Online. Retrieved from https://fidoalliance.org/
• World Wide Web Consortium (W3C). (n.d.). Web Authentication (WebAuthn). Retrieved from https://www.w3.org/TR/webauthn-2/
• European Union Agency for Cybersecurity (ENISA). (2022). Threat Landscape 2022. Retrieved from https://www.enisa.europa.eu/topics/threat-risk-management/threats-and-trends
• IBM. (2023). Cost of a Data Breach Report 2023. Retrieved from https://www.ibm.com/security/data-breach