Even in today’s technology-reliant world, not everyone realises the common techniques used to crack passwords or other ways we can make our accounts vulnerable, from simple and widely used passwords. For your password safety, we’ve put together a list of top tips for creating a secure password!
Ways to get hacked
Social Engineering: Social engineering is the term used for a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information.
What makes social engineering especially dangerous is that it relies on human error, rather than vulnerabilities in software and operating systems. Mistakes made by legitimate users are much less predictable, making them harder to identify and thwart than a malware-based intrusion.
Dictionary attacks: Avoid repeated keyboard combinations— such as qwerty, asdfg or 12345. Don’t use dictionary words, slang terms, or words spelt backwards. These cracks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like John the Ripper or similar programs.
Brute force attack: Like the dictionary attack, the brute force attack comes with a bonus for the hacker. Instead of only using words, a brute force attack lets them detect non-dictionary words by working through all possible alpha-numeric combinations from aaa1 to zzz10.
Spidering: Savvy hackers have realised that many corporate passwords are made up of words that are linked to the business itself. Studying corporate literature, website sales material and even the websites of competitors and listed customers can provide the ammunition to build a custom word list to use in a brute force attack.
Savvy hackers have automated the process and let a spidering application, like those employed by leading search engines to identify keywords, collect and collate the lists for them.
Cracking security questions: Many people use first names as passwords, usually the names of a loved one (or pets) all of which can be deduced with a little research. Clicking the “forgot password” link within a webmail service or other site, sometimes asks you to answer a question or two. More often than not, the answers can be found on your social media profile.
Simple passwords: Don’t use personal information such as your name, age, birth date, loved one’s name, pet’s name, or favourite anything, etc. When 32 million passwords were exposed in a breach last year, almost 1% of victims were using “123456.” The next most popular password was “12345.” Other common choices are “111111,” “princess,” “qwerty,” and “abc123.”
Reuse of passwords: Reusing passwords for email, banking, and social media accounts can lead to identity theft.
How to avoid getting hacked
- Although annoying and hard to keep track of, always use different passwords for each account.
- Use a password manager to generate strong passwords and keep track of all your passwords.
- Always lock or log off devices if you are walking away from them (even if no one’s around).
- Where possible, avoid using public WiFi (like a coffee shop) – hackers can quickly gain your passwords and other data through unsecured networks.
- Avoid logging into accounts on computers you don’t directly control, like library computers) – they could be infected with password-stealing malware.
- Never tell anyone your password, whether they’re your friend or trusted colleague – keep them to yourself, it’s better to be safe than sorry.
- Never write your password down, on your computer or in a notebook – you never know who could go snooping.
- Generally, passwords are required to be at least eight characters long. However, we suggest aiming for around 16 characters – the more, the merrier.
- Use a mixture of upper- and lower-case letters, numbers and symbols.
- We suggest picking two or more unrelated words to create your passwords, e.g. yellow turkey. So, we could make our password [y3lL0w?7urK3y!] – as you can see, we’ve used the above two rules, as well as this one.
- Don’t use your first name, or others in your family to create a password.
- Avoid using personal dates or easy to obtain information (social media can be used to gather information on you).
- If you are creating a password for a company account, don’t use the business name, or related words (Netitude: IT, Tech, Solutions).
- Favourite sports teams are easy to hack when background information is gathered on you (social media)
- Don’t recycle old passwords (Password1, Password2)
- Never send your password by email.
- Avoid putting personal details on social media and always make sure they are as secure as they can be. – Facebook accounts with little security measures make it easy for hackers to learn about you.
So, with all these tips and tricks, you should be fully equipped to create strong passwords of every one of your accounts!