People should create secret passwords with their friends and family so they are able to tell them from AI deepfaked impersonators, an expert has said.
Former US government adviser and chief executive of cyber security firm Eclectic Cody Barrow said new measures were necessary to combat online criminals as AI had lowered ‘the barrier to entry’ .
He said: ‘AI is huge. It’s not just hype. It’s very easy to dismiss it as such, but it’s really not.’
He added he had come up with a password with his wife which only they would know, to make sure they are talking to themselves and not a scammer posing as one of them.
‘My wife and I were actually just discussing this’, he said. ‘In recent months, we have (created) a secret code that we use that only the real me or the real her would know, so that if one of us ever receives a FaceTime video or WhatsApp video that looks and sounds like us, asking for money, asking for help – something very scary – we can use that code to verify that we’re the right person.
‘So the fact that I’m doing that indicates what I think of it, right? I think it’s very real.
‘We will see that it is much easier to generate deepfakes to fool people, to write phishing emails that look real. So I think it does lower the barrier to entry. It may also open the door to non-English speaking threat actors.’
He said personal passwords could be helpful to more vulnerable users, such as older people and those without the best computer skills.
His comments come after a series of major data breaches at large companies and organisations, including M&S and the Coop.
M&S said its cyber attack was due to a ‘human error’ which allowed hackers to gain access via a third party in order to get into the retailer’s systems and steal customers’ data.
The incident is costing the retailer £42million a week in lost sales after it suspended online orders on April 25.
Mr Barrow said that with the ever increasing number of data breaches, it was likely a majority of people with an online footprint would have had their personal details compromised at some point.
He said: ‘It may sound dramatic here in May 2025, but I’m quite confident that within a number of years, if not months, people will look back and say, absolutely yes, I should have done that, and I do think everyone should do it, especially if you have either more elderly family members or younger family members – because we have a lot of younger people who don’t actually understand this stuff either.
‘Just about every human who’s used a computer or the internet has an old email account that’s been compromised at some stage when they had a non-secure password, which probably most people still do, and that email was compromised and someone stole their contact list.
“Then from that contact list, it’s not hard to generate malicious tooling that can duplicate the likeness of someone on that list and then send you some sort of scam that makes it look like it’s actually from that person.’
Mr Barrow said the M&S hackers may have been aided by the fact they appeared to be native English speaks, but also warned predictable security set-ups, such as two-factor authentication could have assisted the cybercriminals in creating a realistic looking scam.
‘The landscape that we’re seeing now is that we’re seeing a lot of people are really immunised and used to the security procedures they have to follow,’ he said.
‘They’re used to having to enter their phone authenticator code and do all the prompts. And so it was relatively trivial for this threat actor, which speaks native English, to really trick people into going through those motions and abusing multi-factor authentication to get into these outlets.’
Get in touch with our news team by emailing us at [email protected].
For more stories like this, check our news page.
MORE: First picture of officer fighting for life in hospital after being injured while on duty
MORE: Man exposed ‘buttocks and smacked himself in front of young girls on London bus’
MORE: Police officer fighting for life after ‘attempted murder’ while he was on duty
