Martyn Landi, PA Technology Correspondent
Sun, 25 May 2025, 4:01 pm 4 min read
The public should create secret passwords with their family and friends to help them identify whether they are really interacting with them or an AI-generated deepfake impersonating them, a cyber security expert has said.
Cody Barrow, chief executive of cyber security firm EclecticIQ and a former adviser to the US government, said the rise of artificial intelligence has made impersonation scams easier to create.
He told the PA news agency that AI was helping to “lower the barrier to entry” for cybercriminals, and extra precautions beyond basic online security were needed to combat it.
“AI is huge. It’s not just hype. It’s very easy to dismiss it as such, but it’s really not,” Mr Barrow said.
“My wife and I were actually just discussing this – in recent months, we have (created) a secret code that we use that only the real me or the real her would know, so that if one of us ever receives a FaceTime video or WhatsApp video that looks and sounds like us, asking for money, asking for help – something very scary – we can use that code to verify that we’re the right person.
“So the fact that I’m doing that indicates what I think of it, right? I think it’s very real.
“We will see that it is much easier to generate deepfakes to fool people, to write phishing emails that look real. So I think it does lower the barrier to entry. It may also open the door to non-English speaking threat actors.”
Mr Barrow added that such an approach was necessary because the sheer number of data breaches in recent years meant the majority of people online would have had their personal details compromised at some point, so additional security was needed.
He said creating secret passwords among friends and family was especially important for older and younger users who may not have the best digital skills.
Mr Barrow added: “It may sound dramatic here in May 2025, but I’m quite confident that within a number of years, if not months, people will look back and say, absolutely yes, I should have done that, and I do think everyone should do it, especially if you have either more elderly family members or younger family members – because we have a lot of younger people who don’t actually understand this stuff either.
“Just about every human who’s used a computer or the internet has an old email account that’s been compromised at some stage when they had a non-secure password, which probably most people still do, and that email was compromised and someone stole their contact list.
English (US) ·