Oxford University has been named as one of the world’s ten elite colleges failing to protect themselves from data breaches caused by compromised passwords.
As students prepare for the new academic year, new research from Authlogics indicates that the universities “still have a lot to learn when it comes to protecting themselves” from incursions.
Most of the breaches recorded are at unis in the United Kingdom and the United States.
The results of Authlogics latest research follows statistics published by the company at the end of the academic year (May 2022), which revealed 187,648 email addresses connected to the domains of the world’s top ten universities (as recognised by The Times Higher Education World University Rankings 2022) had been password breached.
Despite many of these institutions being closed for the summer the total number of breached credentials has risen by 12,185 to 199,833. The figures relate to the month of August.
Whilst there is encouraging news for Oxford University and Edinburgh University, each recording no new breaches between May 2022 and August 2022, Cambridge University recorded the highest increase with 94 new breaches with a total of 18,724.
The Password Breach Status of the World’s Top Ten Universities (August 2022),
University Number of Password Email Breaches
- Oxford University 47
- Harvard University 2663
- California Institute of Technology 3105
- Princeton University 11631
- The University of Chicago 15230
- Cambridge University 18630
- Massachusetts Institute of Technology 22657
- Yale University 25605
- Stanford University 37210
- University of California, Berkley 50943
CEO of Authlogics, Steven Hope, said: “The number of breaches will continue to rise unless action is taken. Every new breach potentially increases a university’s exposure to risk.
“Whilst it is positive to see two of the top ten universities stemming the tide, we need to see these numbers being driven down.”
Hope added: “Making these institutions aware of the problem is the first step, now the onus is on them to take remedial action, whether that is closing dormant accounts, or enforcing password changes. The good news is that this can be achieved in days and well before the start of the new academic year”
To support schools, colleges and universities, Authlogics is providing a money back guarantee for the latest version of the Authlogics Password Security Management 4.1.
This end-to-end auditing, real-time protection, remediation, and reporting solution delivers rapid protection against breached and shared passwords, and mitigates common identity-based attacks such as phishing and keylogging, whilst removing the burden of password resetting from users and helpdesks.
The research was conducted using the Authlogics Password Breach Database – the world’s largest Breach Database, which holds over four billion breached credentials and more than 1.3bn compromised clear text passwords, it is the most definitive resource available regarding the password breach status of any live or dormant account.
Authlogics provide a complete authentication solution that is quick to deploy and easy to use. Authlogics believes that the move away from password-based authentication is inevitable which is why the company is delivering real customer-ready solutions today towards going passwordless.
• Reduce the complexity of existing passwords
• Ensure regulatory compliance
• Remove risk and replace passwords
• Provide passwordless and deviceless login options
As a global market leader in compliance and user authentication, Authlogics believes that increasing password security should not have to mean compromising simplicity. The Authlogics product suite offers users a complete, three-step solution for transitioning to modern authentication processes. From its unique password compliance solution (Password Security Management), through to the award-winning Multi-Factor Authentication technologies, to enabling users with a completely passwordless environment, Authlogics enhances network security whilst maintaining an easy and uniform user experience, whether on mobile, desktop, or cloud.