How the Bad Guys Get Your Passwords

Password thiefPasswords are an essential part to your businesses cybersafety. If, like the rest of us, you have dozens of passwords to remember, you might take shortcuts. Taking advantage of this type of attitude is one way bad guys access your passwords.

1. Default Passwords

Despite all the warnings, there are still people using “password” or “123456” as their access credentials. Some people also do not change the default passwords on their devices. So, anyone with physical access can pick up a router, look at the sticker, see the password and access that device.

Tip: Avoid the obvious passwords! When you have to create a password, make an effort. When it’s time to update a password, do so. Steer clear of simple, easily guessed patterns. See our blog article here, Time To Change Your Passwords, for more info.

2. Guessing Passwords

Cybercriminals can also guess your password. With a little bit of research about you, they can make some informed guesses. Common passwords people use include nicknames, pet names, birthdays and anniversaries. These details are all easy to find via your social media accounts.

Tip: Be careful what you share on social media! Don’t befriend strangers, as you are giving them access to a potential goldmine of information for personalizing an attack on you.

3. Brute Force

If that doesn’t work, criminals may try brute force access to your accounts. They may use an automated script to enter thousands or even millions of password permutations until they get a hit. The software will try a long list of common passwords and dictionary words to try and gain access.

Tip: Use a complex password with numbers, letters, and symbols or a passphrase. A passphrase is typically at least 19 characters long but is more memorable, as it unique to you.

4. Data Breaches

The criminal may also be working with information from a data breach. Over the years a number of websites have been hacked and their users credentials stolen. In early 2019, security researchers found more than 2.7 billion email / password pairs available on the Dark Web. Criminals accessing that database use this information as a starting point, as many people use the same username and passwords across many different accounts.

Tip: Use a unique password for each site. Yes, that’s overwhelming to remember, and that’s also why you should use a password manager to keep track of it all for you.

5. Public Computers and Networks

Criminals regularly hack into public access computers at airports, motels etc and install keylogger software. The logger records every key you press on the keyboard including usernames and passwords. Free or public wireless networks may have compromised routers or servers and thus the hackers have full access to see all the information crossing the network.

Tip: Be cautious about browsing the Internet on computers and / or networks you don’t trust. If in doubt don’t enter any passwords or other sensitive information.

6. Phishing

There is one very common method of getting your password that we haven’t addressed yet – it is a phishing attack. For instance, you may get an email that looks like it was sent by your bank. Phishing typically has an urgent message and a link that directs you to what looks like a credible page but it is actually controlled by the hacker.

Tip: Pay attention to who is sending the email by checking the senders email address and hover the mouse over the link to see where it goes.Even if it is from someone your know and trust speak to that person directly (face to face or via the telephone) to confirm that the email is legit. If you are concerned about your bank account, for example, open up a browser and type the URL manually in rather than clicking on the link.

The above tips can help you to protect your valuable passwords. Other ways to help secure your passwords are by using a password manager and also increasing your onsite security (security software, hardware firewalls and secure DNS).

If you need further help and support with your cyber security needs please contact DP Computing on 08 8326 4364 or su*****@dp*********.au.