How do passwords get hacked?
Cybercriminals have several password-hacking tactics at their disposal. Purchasing user information is the most common. If you have been using the same password for several years, or even using the same password for numerous accounts, it is possible that your information has been breached. Let’s learn about a few of the most common types of attacks and how to prevent them.
- Brute force attacks use software that automates billions of guesses per second, enough to crack any 8-character password. Because of this, passwords of 12 characters or more are now recommended to limit the attacker's chances.
- Dictionary attacks are when an attacker tries words from a dictionary until one matches. If you do use common words, combine several of them in a random order to create a more secure password.
- Phishing is one of the most common attacks. Cybercriminals trick you into entering personal information in response to a false claim. For example, a phishing email will falsely claim, in the name of a credible and authentic-looking site you recently visited, that there was something wrong with your credit card information. It contains a link to a page that resembles your credit card company's site, where you enter your information and unknowingly supply it to a criminal.
How do I ensure passwords are secure?
- Always enable multifactor authentication. For example, an employee enters their login credentials (username and password) to access software. They then receive a security code via text or email and enter it as well. This multiple-step authentication process ensures that only users with permission are accessing the data, whether from a shared machine, a home machine or a company-provided computer.
- Be original. Passwords built from common words, phrases or number combinations are more likely to be hacked. Common passwords to avoid include ‘password,’ ‘abcdefg,’ ‘1234,’ and other single-word passwords. Additionally, immediately change any password your IT department sets up, as it may be shared among multiple employees.
- Private, but not personal. Public information, such as your job, your place of employment or your school, is accessible to anyone. Personal information about you or your family, such as birthdays or street names, is also problematic. If you do want to use such information to help you remember, adding special characters, in conjunction with multifactor authentication, is becoming the recommended standard.
- Mix it up. Users often leave out special characters and other additions so that the password is easier to remember. That is counterproductive: the more complex the password, the better protected your data will be. Also avoid common substitutions, such as using numbers in place of vowels.
- Longer is better. With the sentence method, you take a sentence and string together abbreviations of its words. For example, if you wanted your password to be “Colorado Has The Best Mountains For Skiing,” that could be translated to “CoHaThBeMoFoSk.” The sentence can be personal to you but unguessable to a hacker. The dictionary method, as described above, strings together words that make sense to you but not to anyone else. For example, “TowelLionAlmondFlag” is random enough that a hacker will most likely not put those words together.
- Use a password manager. When you have numerous complicated passwords, you may be inclined to stay logged in to your platforms or to write the passwords down in your phone. Rather than keeping your data in an unsecured place, use a password manager, such as LastPass. These managers require one master password and store all your other credentials. They are accessible to you and only to you.
- Use a random password generator. Electronic generators offer passwords of any length, drawing on millions of letter, number and special-character combinations. As a rule of thumb, the longer the password, the better.
- Change your password frequently. The more often you change your password, the less likely it is that anyone will hack your information. At a minimum, you should change your password every three months for security. If you receive a notification of a login or activity you do not recognize, change all of your passwords to be safe.
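To show why the 12-character recommendation above matters, and how a dictionary-method passphrase like “TowelLionAlmondFlag” compares, here is an added Python example (not from the original article). It assumes an attacker rate of one billion guesses per second, that the attacker knows the 7776-word list the passphrase was drawn from, and that every character or word was chosen uniformly at random; the 95-symbol alphabet is printable ASCII.

```python
import math

# Assumed guess rate: the article says "billions of guesses per second";
# one billion per second is the round figure used here.
GUESSES_PER_SECOND = 1e9
# Assumed size of the word list a dictionary-method passphrase is drawn from.
WORD_LIST_SIZE = 7776

def keyspace(length: int, alphabet_size: int) -> int:
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length

def passphrase_keyspace(num_words: int, word_list_size: int = WORD_LIST_SIZE) -> int:
    """Keyspace of a passphrase whose words are chosen uniformly from a word list."""
    return word_list_size ** num_words

def entropy_bits(search_space: int) -> float:
    """Entropy of a uniformly chosen secret with the given number of possibilities."""
    return math.log2(search_space)

def seconds_to_exhaust(search_space: int, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every possibility at the assumed guess rate."""
    return search_space / rate

def human_duration(seconds: float) -> str:
    """Render a duration in the largest unit whose value is at least 1."""
    units = [("years", 365.25 * 86400), ("days", 86400), ("hours", 3600),
             ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3g} seconds"

def describe(search_space: int) -> str:
    """One report line: entropy and worst-case exhaustive-search time."""
    return (f"{entropy_bits(search_space):5.1f} bits, exhausted in "
            f"{human_duration(seconds_to_exhaust(search_space))}")

if __name__ == "__main__":
    # 95 = all printable ASCII characters (upper, lower, digits, symbols).
    for alphabet_size in (26, 95):
        for length in (8, 12):
            print(f"{length:>2} chars from {alphabet_size} symbols: "
                  f"{describe(keyspace(length, alphabet_size))}")
    # The article's four-word example, treated as four words drawn from the word list.
    num_words = len(["Towel", "Lion", "Almond", "Flag"])
    print(f"{num_words}-word passphrase: {describe(passphrase_keyspace(num_words))}")
```

Going from 8 to 12 characters multiplies the search space by 95^4 (about 81 million), turning a search of weeks into one of millions of years; the four-word passphrase lands near 52 bits, comparable to a random 8-character printable-ASCII password, so adding a fifth word or mixing in symbols buys real margin.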