LetMeIn101: How the Bad Guys Get Your Password
A strong password is essential to your cyber safety. Everybody knows it but, if you’re like the rest of the digital society, you probably have dozens of passwords to remember. It’s a lot. So, you take shortcuts. Taking advantage of your laissez-faire attitude is one way bad guys access your passwords.
Incredibly, there are still people out there using “password” or “123456” in their access credentials. Some people don’t change the default passwords on their devices. So, anyone can pick up a router, look at the sticker identifying the password, and access that network.
Tip: Avoid the obvious password!
When you have to create a password, make an effort. When it’s time to update a password, do so. Steer clear of simple, easily guessed patterns. There are even tools to help you generate secure passwords such as Norton Password Generator or LastPass Password Generator. Your browser can automatically generate a password and save it for you so you don’t need to remember it. We’d recommend you get a password manager for your personal use with a commercial solution via your MSP.
Cybercriminals can also guess your password. With a little bit of research about you online, they can make some informed guesses. Common passwords include pet names, birthdays, and anniversaries. These are all easy to find via your social media accounts, so avoid them!
Tip: Be careful what you share on social media!
Don’t connect with strangers on Facebook and other social channels. You are giving them access to a goldmine of info for personalising an attack on you. Be careful what information you put on social media. Maiden names, mothers surnames, dates of birth. These are all used as identifiers by organisations such as banks.
If that doesn’t work, criminals may try brute force. They might script an automation bot to run thousands of password permutations until they get a hit. The software will try a long list of common passwords and run through dictionary words to gain access.
Tip: Use a complex password with numbers, letters, and symbols or a passphrase.
We will repeat ourselves here and say use a password manager but if you insist on going it alone make your passwords difficult to crack. A passphrase is typically at least 19 characters long but is more memorable, as it unique to you.
The criminal may also be working with info from a data breach. In early 2019, a security researcher found more than 2.7 billion email/password pairs available on the Dark Web. Criminals accessing that database could use the data as a starting point, as many people duplicate their passwords across accounts. We can tell you what’s out on the Dark Web and set up monitoring to alert you if any of your credentials are breached. This gives you a head start in changing passwords and securing your data.
Tip: Use a unique password for each site.
Yes, that’s overwhelming to remember, and that’s also why you should use a password manager to keep track of it all for you.
However having your password to one site compromised is bad enough but if you’re using that possible across multiple sites then the problem just got a whole lot worse. This is particularly an issue where the same password is being used for both personal and business accounts.
If a breach occurs, such as happened with LinkedIn and Canva, we you receive an alert you change your password immediately. However, if you’re using that same password across other sites do you go and change it on all of them too? If not you are still at risk.
Tip: Be cautious about your online activity on computers or networks you don’t trust.
Criminals can also access your account if you’ve used a hacked public computer. The bad guys may have installed a key logger on the computer. The logger records every key you press on the keyboard. Or they might have compromised a router or server to be able to see your information.
Tip: Pay attention to who is sending you email.
Of course, there’s one more method of getting your password that we haven’t addressed yet. It’s the familiar phishing attack. For instance, you get an email that looks like it was sent by your bank. Phishing typically has an urgent message and a link that directs you to what looks like a credible page.
Hover the mouse over the link to see where it goes. If you are concerned about your bank account, for example, open up a browser and type the URL manually rather than clicking the link.
How We Can Help
These tips can help you to protect your valuable passwords. Still, setting up a password manager and amping up your internet security can help too. Multi Factor Authentication adds another layer of protection, meaning that even if your password is hacked criminals still can’t access your data.
Here at Your IT Department we provide cyber security as part of our Managed IT Support contracts. If you need support getting ahead of the cyber criminals then contact our experts today! Call us on 0115 8220200
Bonus! Free eBook
We offer a FREE cyber security assessment. Find out if your business needs one with our eBook ‘Does Your Business Need A Cyber Security Assessment‘