Blog

The Importance of Having a Strong Password

posted by: Blog Author date: Jul 27, 2016 category: All, Malware, Phishing comments: 0

The amount of time the average person spends online is constantly increasing. There is a plethora of tasks – banking, shopping, TV viewing, chatting with friends, studying – that people carry out online on a daily basis, and there is always something new, just around the corner, which will drag us back to our PCs or Smart Phone again and again.

What’s disturbing, is that most people’s passwords are very simple and this leaves them vulnerable to having their various accounts hacked. The average person has 25-30 online profiles or accounts, but, to make it easier to remember, they use only 5 passwords for all of them. Also, thousands of people still use basic passwords (such as, ‘qwerty’, ‘1234’, or ‘password’) which is akin to giving your money straight to the hackers.

People often convince themselves that their passwords and logins are stored on their computer which is safe from being hacked, because it is behind a wireless router or firewall device. However, most people don’t bother to change the default password on this device, so a hacker could easily park outside your home or office, and use a laptop to run through a list of default passwords until they gain access to your network. It is vital that strong passwords are used for your router or firewall devices. The last thing you want, is for a hacker to gain control of your whole network and all of the computers and files within it.

Something else to keep in mind, is that some passwords that you think are insignificant, might actually make you extremely vulnerable if a hacker cracks them. For example, some people think that their email password is not important, because they “don’t receive anything of a sensitive nature”. In actual fact, their email address is probably connected to their online banking account. If a hacker obtains access to your email account, they could log into the Bank’s website and click the “Forgotten Password” link, which will then email a new password link to the email account the hacker now has access to. Bingo! They can now access your bank account too.

So, how do you think the hacker knows which bank you use and what your login ID is for the sites you frequent? All of that information is stored, unencrypted and clearly named, in your Web browser’s cache as Temporary Internet files, Web site cookies, browser history, and index.dat.

How do the hackers crack passwords?

These are just a couple of methods that hackers are using to crack your passwords.

Social engineering

This is becoming a popular method for obtaining passwords. Social engineering takes advantage of the trust people develop in their social media accounts. Conning people into revealing their passwords is a common technique used and surprisingly, it is often very successful.

Often the hacker will just ask a user for their password. For example, a hacker might call a user to tell them that there are high priority e-mails stuck in the mail queue, and their password is required to enable the caller to log in and release the messages. As crazy as this sounds, it often works, with no questions asked. “Ask and you shall receive!

Social engineering is made easy for hackers if staff details (names, phone numbers, and e-mail addresses) are posted on company websites. Social media sites such as LinkedIn, Facebook, and Twitter can also be used against a company because these sites often reveal employees’ names and contact information.

Keyloggers

A Keylogger is a program that hides in your computer’s memory and runs at startup. It logs every keystroke you type and creates a log, which is then sent to the hacker. It can be customised so that it cannot be shown in the “Processes” tab of Windows Task Manager, making it extremely difficult to detect.

How can you create a strong password?

  • Don’t use anything that can be found on your social media pages (such as your birthday, the name of a child, sports team, pet’s name etc).
  • Make it at least 7 characters long.
  • Use a combination of lowercase and uppercase letters, numbers and special characters (such as: ?,*! @ <).
  • Don’t use single words found in the dictionary.
  • Use what looks like a random set of characters, with no discernible patterns. You can achieve this by taking the first letter from each word of your favourite movie quote, replacing a few letters with numbers and adding some special characters. For example: “Houston, we have a problem!” could become “H,3h@p!”).
  • Change your password regularly (approximately every 90 days).
  • Use a password manager tool, such as using Roboform or 1Password, so that you can have a different random password for each account, without you having to remember them all.

Comments are closed.