UARD Yearbook

The growing dependence on digital platforms for communication, data storage, and service delivery has made user accounts a central element in contemporary cybersecurity. As cyberattacks increasingly target personal credentials and authentication processes, the threat spectrum has shifted from purely technical vulnerabilities to a combination of technical and human weaknesses. This article examines practical methods for reinforcing account protection by analyzing authentication practices, device-level safeguards, and user behavior. The study highlights the persistent challenges posed by password reuse [1], insufficient multi-factor authentication [4], and manipulation through social engineering. Particular attention is paid to the role of adaptive authentication and the transition toward passwordless systems, which are gradually redefining security standards. Furthermore, examples from cybersecurity reports and institutional guidelines illustrate the frequency of identity-based breaches and point to necessary changes in user habits and organizational practices. The analysis demonstrates that effective account security depends on a multilayered strategy that integrates strong credentials, secure devices, awareness of deceptive techniques, and consistent use of advanced authentication tools. The findings indicate that modern cybersecurity can no longer rely on isolated defenses but must instead adopt a holistic framework capable of responding to evolving threats and increasingly targeted attacks [1] [5] [6] [8] [9].

National Institute of Standards and Technology. (2023). Digital Identity Guidelines (NIST SP 800-63-4 Draft). U.S. Department of Commerce. https://pages.nist.gov/800-63-4/

ENISA – European Union Agency for Cybersecurity. (2022). Guidelines on Securing Digital Identities. https://www.enisa.europa.eu/

Verizon. (2023). Data Breach Investigations Report (DBIR). https://www.verizon.com/business/resources/reports/dbir/

Google Security Blog. (2021). A Year in Review: Advancing Account Security. https://security.googleblog.com/

Microsoft. (2023). Identity Security: Protecting Credentials in a Modern Threat Landscape. https://www.microsoft.com/security

Bonneau, J., Herley, C., Van Oorschot, P., & Stajano, F. (2015). Password Security: What Users Know and What They Actually Do. Communications of the ACM, 58(7), 39–44. https://doi.org/10.1145/2699390

Thomas, K., et al. (2017). Protecting Accounts from Automated Guessing Attacks. Proceedings of the 26th USENIX Security Symposium. https://www.usenix.org/

FIDO Alliance. (2022). Understanding Passwordless Authentication. https://fidoalliance.org/

Cybersecurity & Infrastructure Security Agency (CISA). (2023). Mitigating Phishing and Social Engineering Attacks. https://www.cisa.gov/