Password Safety and Complexity to Protect Your Accounts
By James Warnken
“The most used password in the world is 123456.”
A simple password like this is cracked in a matter of just a few seconds. By contrast, a password that contains one capital letter, lowercase letters, and numbers may take a few hours to crack. The most complex passwords take weeks to crack; they include everything above plus special characters placed randomly within the password. Keep this in mind when renewing or creating passwords so that accounts and information are secured by complex, strong passwords.
Before delving into how to construct a complex and secure password, we must first understand how hackers are stealing and breaking passwords in just minutes and clicks.
There are 5 ways hackers steal and break passwords to be mindful of:
- Mass Password Theft: This form of theft is carried out entirely by a program that exploits files on websites containing username and password credentials. The hacker uses software that scans websites that store and create lists of user credentials; once such a list is found, the hacker has full access to the information and can do with it as they please. One interesting fact is that a computer does not have to be connected to Wi-Fi or even turned on for this to happen. The theft happens on the server side, which means websites with autofill passwords enabled and weak security are prime targets for this form of password theft.
- Wi-Fi Traffic Monitoring: This form of password and credential theft often goes undetected and is rarely given a second thought. It often takes place in public places that offer free Wi-Fi and require signing in with an email address. A hacker sits within that network and, once an email address is entered, can monitor and record information from any sites or programs visited while on the free public network. For example, say you are on a public network checking your social media accounts: if a hacker is monitoring the network, then once you enter your password to log in, the hacker has the credentials needed to access the account.
- Trial and Error Theft: Although less practical for hackers, this method is still relevant and used with today’s technology. This method is exactly what it sounds like. Hackers know that most people use significant words, phrases, or dates when setting passwords, so a password can be cracked just by guessing through trial and error. For example, it is common for people to use their date of birth in some form within their password. This information is easy for someone to get ahold of and use when trying to guess a password.
There are two forms of phishing attacks:
- Fake Websites: Everyone gets obvious spam emails, but what about the ones that seem legitimate and very important? Some hackers have been known to set up websites that mimic official sites and then send spam emails that seem real. This is one effective way hackers steal credentials without much work beyond the setup phase. The email usually seems very important and provides a link that will supposedly help resolve whatever issue is claimed to be occurring. Once the username and password have been entered, the hacker has the information needed to log in to the actual account and do whatever they wish. These emails are very hard to spot and many times are never given a second thought. If you receive one and think the problem it describes could be real, do not log in through the link provided in the email. Go to the official website and log in there.
- Key Logging: This form of phishing is very common and usually very easy to spot. Hackers send emails that attempt to catch the receiver's attention in various ways, aiming to drive them to click on a link attached to the email. If the link is opened, it may seem that nothing bad has happened, which is true from a general view. However, on the back end, the email will inject code into the device and begin tracking and recording information. Such code tracks keystrokes and information within files, which are then used to breach, crack, and steal passwords, credentials, and sensitive information. One rule of thumb: if it seems too good to be true, it more than likely is.
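
The complexity advice at the top of this article and the trial-and-error item above can be combined into a simple check to run when a password is created. The following Python sketch is an added example, not part of the original article: the function name `assess_password`, the short common-password list, and the date pattern are assumptions made for illustration. It reports which character classes a password uses and the size of the brute-force search space in bits, without estimating crack time.

```python
import math
import re
import string

# Constructed sample list; a real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111", "letmein"}

# Date-like numbers: a four-digit year (1900-2099) or a run of 6-8 digits (e.g. 07041985).
DATE_PATTERN = re.compile(r"(19|20)\d{2}|\d{6,8}")

# Character classes named in the article, with the size of each alphabet.
CLASSES = {
    "lowercase": (string.ascii_lowercase, 26),
    "uppercase": (string.ascii_uppercase, 26),
    "digits": (string.digits, 10),
    "special": (string.punctuation, len(string.punctuation)),
}


def assess_password(password):
    """Return the classes used, the brute-force search space in bits, and warnings."""
    used = [name for name, (chars, _) in CLASSES.items()
            if any(c in chars for c in password)]
    # An attacker guessing blindly must cover every class the password draws from.
    alphabet = sum(CLASSES[name][1] for name in used)
    bits = len(password) * math.log2(alphabet) if alphabet else 0.0
    warnings = []
    if password.lower() in COMMON_PASSWORDS:
        warnings.append("common password")
    if DATE_PATTERN.search(password):
        warnings.append("contains a date-like number")
    missing = [name for name in CLASSES if name not in used]
    if missing:
        warnings.append("missing: " + ", ".join(missing))
    return {"classes": used, "bits": round(bits, 1), "warnings": warnings}


if __name__ == "__main__":
    # Constructed sample passwords, weakest to strongest.
    for sample in ["123456", "Summer1985", "t7#Rk!q2Zp$w"]:
        print(sample, assess_password(sample))
```

The bit count is only an upper bound on guessing effort: a password that appears on a common list or contains a birth date falls to the trial-and-error method long before a brute-force search would reach it, which is why the warnings are reported separately.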