The amount of time the average person spends online is constantly increasing. There is a never-ending list of tasks, such as banking, shopping, TV viewing, chatting with friends and studying, that we carry out online on a daily basis. There is always something new, just around the corner, which will drag us back to our PCs or smartphones again and again.

What’s disturbing is that most people’s passwords are very simple, and this leaves them vulnerable to having their various accounts hacked. The average person has 25-30 online profiles or accounts but, to make them easier to remember, uses only 5 passwords for all of them. Also, thousands of people still use basic passwords (such as ‘qwerty’, ‘1234’ or ‘password’), which is practically giving your money straight to the hackers.

What’s the issue?

People often convince themselves that their passwords and logins are stored on their computer or phone, which is safe from being hacked because it is behind a wireless router or firewall device. However, most people don’t bother to change the default password on this device, so a hacker could easily park outside your home or office and use a laptop to run through a list of default passwords until they gain access to your network. It is vital that strong passwords are used for your router or firewall devices. The last thing you want is for a hacker to gain control of your whole network and all of the computers and files within it.

Something else to keep in mind is that some passwords that you think are insignificant might actually make you extremely vulnerable. For example, some people think that their email password is not important, because they “don’t receive anything of a sensitive nature”. In actual fact, their email address is probably connected to their online banking account. If a hacker obtains access to your email account, they could log into the bank’s website and click the “Forgotten Password” link, which will then email a new password link to the email account the hacker now has access to. They can now access your bank account too.

So, how do you think the hacker knows which bank you use and what your login ID is for the sites you frequent? All of that information is stored, unencrypted and clearly named, in your web browser’s cache as Temporary Internet files, website cookies, browser history and index.dat.

How do the hackers crack passwords?

These are just a couple of methods that hackers are using to crack your passwords.

Social engineering – This is becoming a popular method for obtaining passwords. Social engineering takes advantage of the trust people develop in their social media accounts. Conning people into revealing their passwords is a common technique and, surprisingly, it is often very successful.

Often the hacker will just ask a user for their password. For example, a hacker might call a user to tell them that there are high priority e-mails stuck in the mail queue, and their password is required to enable the caller to log in and release the messages. As crazy as this sounds, it often works, with no questions asked. “Ask and you shall receive!”

Social engineering is made easy for hackers if staff details (names, phone numbers, and e-mail addresses) are posted on company websites. Social media sites such as LinkedIn, Facebook, and Twitter can also be used against a company, because these sites often reveal employees’ names and contact information.

Keyloggers – A Keylogger is a program that hides in your computer’s memory and runs at startup. It logs every keystroke you type and creates a log, which is then sent to the hacker. It can be customised so that it cannot be shown in the “Processes” tab of Windows Task Manager, making it extremely difficult to detect.

How can you create a strong password?

Don’t use anything that can be found on your social media pages (such as your birthday, the name of a child, sports team, pet’s name etc).

Make it at least 7 characters long.

Use a combination of lowercase and uppercase letters, numbers and special characters (such as: ?,*! @ <).

Don’t use single words found in the dictionary.

Use what looks like a random set of characters, with no discernible patterns. You can achieve this by taking the first letter from each word of your favourite movie quote, replacing a few letters with numbers and adding some special characters. For example: “Houston, we have a problem!” could become “H,3h@p!”.

Change your password regularly (approximately every 90 days).

Use a password manager tool, such as RoboForm or 1Password, so that you can have a different random password for each account without having to remember them all.
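
The checks in the list above can be automated before a password is accepted. The following is an added example, not part of the original post: the function name `check_password`, the `personal_details` parameter and the small sample word list are assumptions made for illustration, and a real deployment would load a full dictionary.

```python
import string

# The three "basic" passwords are the ones the article names.
COMMON_PASSWORDS = {"qwerty", "1234", "password"}
# Constructed stand-in for a real dictionary word list.
SAMPLE_DICTIONARY = {"houston", "problem", "monkey", "dragon", "sunshine"}

def check_password(password, personal_details=(), dictionary=SAMPLE_DICTIONARY):
    """Return the list of rules from the article that `password` breaks (empty = passes)."""
    problems = []
    lowered = password.lower()

    if len(password) < 7:
        problems.append("shorter than 7 characters")

    # Mix of lowercase, uppercase, numbers and special characters
    classes = {
        "lowercase letter": any(c.islower() for c in password),
        "uppercase letter": any(c.isupper() for c in password),
        "number": any(c.isdigit() for c in password),
        "special character": any(c in string.punctuation for c in password),
    }
    for name, present in classes.items():
        if not present:
            problems.append(f"no {name}")

    if lowered in COMMON_PASSWORDS:
        problems.append("one of the basic passwords")

    # A single dictionary word, even with digits or symbols tacked on either end
    if lowered.strip(string.digits + string.punctuation) in dictionary:
        problems.append("single dictionary word")

    # Anything that can be found on social media: names, teams, birthdays
    for detail in personal_details:
        if detail and detail.lower() in lowered:
            problems.append(f"contains personal detail '{detail}'")

    return problems

if __name__ == "__main__":
    # Constructed sample inputs; the first is the article's own movie-quote example.
    for candidate in ["H,3h@p!", "password", "Monkey1!"]:
        print(candidate, "->", check_password(candidate) or "passes")
```

Passing the user's known details (pet name, birth year and so on) as `personal_details` covers the first rule in the list, which a generic strength meter cannot check on its own.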

Original post – https://fraudwatchinternational.com/phishing/importance-strong-password/