Welcome to the 130 new cyber warriors who joined us last week. Each week, we'll be sharing insights from the Black Hat MEA community. Read exclusive interviews with industry experts and key findings from the #BHMEA stages.
Family passwords.
We wrote about misinformation and disinformation on the blog this week – which the World Economic Forum says is the biggest short-term threat to the global economy.
False information is also a very real threat to individuals – voice cloning and deepfake scams are increasingly common, and even a phone call that you think is from your favourite aunt could lead you into trouble.
A secret password, known only by your close family members or most trusted friends, could help to protect you and your loved ones from attack.
In December 2024 the FBI released advice that people create a secret word or phrase with their family to verify their identity.
In the UK, digital-first bank Starling has already created guidelines to help its users create ‘safe phrases’ to protect against WhatsApp scams.
And child protection charities around the world have been encouraging families to introduce safe words with their children to safeguard against online scams in which threat actors pose as a parent or trusted relative.
There are a wide range of scenarios in which a secret family (or friend group) password could come in useful.
For example…
Some families have been using passwords and phrases since the 1990s, or earlier, to add a layer of protection – mostly for their children.
Today, this simple tactic can still be effective – and with the rise of AI-powered scams, the use cases for a family security strategy are growing.
So how do you make a good one? The usual best practices of cybersecurity apply:
But remember: a password isn’t totally foolproof. In stressful situations, our brains don’t always work the way we expect them to, and we can forget information. If your nephew can’t recall the password when he’s panicked on the phone, it isn’t absolute proof of a deepfake – just a reason to grab another device and confirm his whereabouts with another trusted person.
AI-powered social engineering attacks are on the rise. So could organisations find a way to introduce company-wide passwords to protect against deepfakes that leverage trust – for example, to persuade an employee to transfer funds to an external bank account?
The differences between a family sharing a secret password and an organisation attempting to do the same are obvious:
But between small groups, there’s potential for secret passwords to help prevent people from falling victim to social engineering scams; for example, a senior-management-team-only password that’s changed regularly.
We want to know what you think. Open this newsletter on LinkedIn and tell us your perspective in the comment section: could organisations implement verbal passwords to protect against AI cloning and deepfake attacks?
Do you have an idea for a topic you'd like us to cover? We're eager to hear it! Drop us a message and share your thoughts. Our next newsletter is scheduled for 9 February 2025.
Catch you next week,
Steve Durning
Exhibition Director
Join us at Black Hat MEA 2025 to grow your network, expand your knowledge, and build your business.