Whether you realize it or not, our current era of mobile and cloud computing can be defined, both positively and negatively, by shared secrets.
Shared secrets — passwords, authentication, and legacy multi-factor authentication — is the synchronous relationship between users and centralized authorities — online banks, social media sites, third-party applications — who hold the same secret.
Both the credential authentication process and the centralized database of passwords and other shared secrets creates a potential attack surface for malicious hackers to intercept the information. With stolen credentials, cybercriminals can impersonate users or undertake phishing or credential stuffing attacks via Account Take Over (ATO).