Did you know that 81% of hacking or identity theft incidents were caused by weak or stolen passwords? Password security and password complexity is simply something you cannot ignore. Your password security is vital to keep unauthorized users from accessing your online accounts and stealing your personal information. Your stolen information could be used to commit crimes in your name, steal credit card information, banking information, or even be used in identity theft.
Now you are probably wondering how hackers are able to crack your passwords. Well the most common methods are Brute Force Attacks, password sniffing, and email phishing.
Brute Force attacks involves trying every possible key combinations until the right password is found. Example most users have a 4 digit code to unlock their phone. Using just numbers 1-9 there are only about 9,999 combinations to use before the 4 digit pin code is hacked. Hackers use very complex algorithms and super computers to try the combinations until the account is hacked. In most cases a 4 digit pin only takes a couple seconds to break.
Password Sniffing is a technique used by monitoring computer communications over a non-secure link. Example if you go to a website that uses http:// all communications to and from that server are in plain text. So if you type a user name and password it simply shows up on the wire in plain text. This type of attack can be easily avoided by ensuring you are only entering your credentials on a secure site. Secure web sites utilize https:// in the url. All traffic to and from a secure site are encrypted and pass over the wire scrambled.
Email Phishing involves a little more persuasion and typically occurs in email. Example a potential hacker emails a victim posing as a financial institution. The email states that the user needs to update their information and to complete the update please click the link below. Typically the email link goes to a website that appears to be legit but is fake and just a replica of the real website. The user enters their credentials on the fake website not knowing they were just fooled. The hacker now has legit credentials to access your financial account and goes to the real site to steal your information or worst yet your hard earned cash.
At this point you’re probably thinking how the heck can I prevent hackers from stealing my credentials?
First, you need to make sure you use long password. A password like: “I really like ice cream and fig newtons” Is a lot harder to crack than a password like: “P@ssw0rd”. Making long and complex passwords is the best.
Second, Use a different password for each site or account. I know it is super simple to just use one password for all accounts but if that password is ever compromised just know that all your accounts are in jeopardy of being hacked.
Most of all, do not save your passwords in a text file on your pc, in an excel document, or some other plain text system. Do yourself a favor and subscribe to a password safe service such as Dashlane, LastPass, or 1Password. These services can save all your account information and passwords in a single encrypted place and be shared across multiple devices. The bonus is they can create random long complicated passwords.
