Protecting your own password from hacking attempts
Password stealing is among the oldest moves in the hackers’ book. Research shows that theft of user credentials is more lethal than personally identifiable information (PII). The reason is that the former essentially exposes the user’s online accounts. Since email is generally used to authenticate credentials and store data from other accounts, a hacked email account can further lead to instances of identity theft and fraud.
As the theft of internet credentials continue to rise, we can’t help but ask this question, “why is it so easy to hack a password?” While it’s true that some password-related thefts are beyond our control, part of our susceptibility is our fault. We tend to use passwords that are very easy to guess. We also use the same password on numerous websites, so if one of our accounts is hacked, the hacker will have access to the rest of the accounts as well.
Learning how hackers break into our online accounts is the first step to knowing how to protect ourselves. Here are some of the ways by which hackers steal passwords:
Brute Force Attacks
What is a brute force attack? These are trial-and-error rounds run various times per minute with a specialized program based on your personal data or words that may seem important to you. This could be your birthday, your pet’s name, names of your family members, etc. It will take a hacker just a few minutes to locate your online accounts, such as Facebook, Twitter, and LinkedIn. The information they get on these profiles will enable them to guess more appropriate passwords.
Phishing
Here, we have two types, type one which is called tab nabbing and type two, also known as key logger attacks. Tab nabbing is where a hacker sends you an email with a link that, when clicked, leads you to a spoofed site that prompts you to enter your password and other credentials. That’s how they get your info. In some instances, the fake website asks for additional information including social insurance or social security number.
In key logger attacks, the hacker tries to trick the victim into downloading a malicious attachment that injects a venomous JavaScript into your browser. Without your knowledge, everything that you type, including your username and password, are registered and sent to the criminal.
Rainbow table attacks
This attack deals with hashes, which is the encrypted versions of passwords. The table has pre-calculated hashes of password pieces that, when accurately merged, produce the complete hash of the victim’s original passwords. The more technical aspect of this attack is likely to yield faster results, but it has the disadvantage of running on a lot of computing power.
Spidering
Sometimes, the hackers will forego the personal information hunt altogether. Since they are aware that a lot of people tend to create their passwords in relation to their jobs, they gather information on corporate terminology and other relevant facts from the company’s website or social media platforms such as LinkedIn and Facebook to come up with a word list that is then used to carry out dictionary and brute force attacks.
Spidering is generally reserved for big companies, as they typically have more information on the internet and will more likely have standardized passwords. This kind of attack is especially effective for hacking WiFi passwords.
The above are some of the ways by which hackers steal passwords. There are many more that we haven’t mentioned. Remember, the more secure your password, the safer your account is from being attacked by a hacker. More secure here means longer and more complicated. Your password should have at least eight characters, with a combination of upper and lowercase letters, numbers, and computer symbols. Criminals have various tools that they use to hack short, simple passwords in minutes. Avoid using recognizable words and any other information that could be linked to you, for example, birthdays. Also, don’t reuse passwords; if you have so many passwords to recall, consider using password manager tools like Password Boss, LastPass, Dashlane, and Sticky Password.
From Chris Jones #turnonvpn https://www.turnonvpn.org/