Is your password too weak? This is how hackers can get you into trouble

by time news

The average person has about 100 passwords to remember, and that number has only been rising in recent years. This is one of the main reasons why many people cut corners and recycle passwords, which compromises information security. Passwords are the Achilles' heel of digital life: in many cases the password is the only thing that separates cybercriminals from our personal and financial information, and so cybercriminals have a keen interest in stealing passwords.

This is why it is important that we invest significant effort in protecting our online accounts, at least as much effort as cybercriminals invest in getting around that protection. The information security company ESET lays it out: how passwords are stolen, what can be done with our stolen passwords, and most importantly, how we can protect them and our information.

What can a hacker do with your password?
Passwords are the virtual keys to the digital world – they enable access to online banking services, email, social media, Netflix and all the data in our cloud. If a hacker gets our password, he can use it to:
– Steal your personal identity information and sell it to other cybercriminals
– Sell access to the account itself. Cybercrime sites on the Darknet (the Dark Web) will offer access to such accounts at the highest possible price. Buyers will be able to use that access to obtain a wide range of things – from free taxi rides and free use of streaming services to reduced-cost flights via the frequent flyer points in the hacked account.
– Use the password to break into additional accounts where you use the same password.

How do hackers steal passwords?
1. Phishing attacks and social engineering: It is sad to admit, but people are not hard to trap. In many cases, we make the wrong decisions when we are in a hurry. Cybercriminals exploit these weaknesses through social engineering – a psychological trick designed to make us do something we are not supposed to do. Phishing is probably the most famous example. In this technique, hackers impersonate legitimate entities: friends, family, businesses you are in contact with, and so on. The email or SMS you receive will look authentic, but will include a malicious link or attachment. If you click on it, it will download malware or lead you to a web page where you will be asked to fill in your personal details.

2. Malware: Cybercriminals also use malware to obtain passwords. While phishing messages are the main vector for this type of attack, you may also fall victim to it by clicking on a malicious advertisement on the web or even by visiting a hacked site. Malware is also often hidden in apps that seem legitimate, which can be found in unofficial app stores. There are many types of information-stealing malware, but the most common are programmed to record your keystrokes or take screenshots of the device and send them back to the attackers.

3. Brute force: The number of passwords held by the average person increased by about 25% from the beginning of 2020 until the end. As a result, many of us use passwords that are easy to remember (and to guess) and set the same passwords for multiple sites and services. This can open the door to "brute-force" techniques. One of the most common methods is credential stuffing. In this type of attack, attackers feed large numbers of username and password combinations into certain sites using automated software, hoping that one of the combinations is a match. According to one estimate, there have been more than 139 billion such attempts in the past year. Another brute-force technique is called password spraying. In this technique, hackers use automated software to try a list of common passwords against the username of your account.

4. Guessing: Although hackers have automated tools that they can use to carry out brute-force attacks, sometimes these are not even needed: even a simple guess (as opposed to the more systematic approach of brute-force attacks) can do the job. The most common password in 2020 was "123456", with the second most common password being "123456789". In fourth place was the well-known password "password". If you recycle your password and use it on multiple sites like most people, or use the same password with a slight change in different accounts, you make the attackers' job even easier and put yourself at higher risk of identity theft and fraud.

5. A peek over the shoulder: All the password theft routes we have presented so far are in the virtual realm. But with lockdowns easing and a large portion of employees moving back to work from the office, it is worth remembering that some of the proven and well-known eavesdropping methods can also endanger you. This is not the only reason why a peek over the shoulder still poses a significant danger. One of ESET's researchers, Jake Moore, conducted an experiment to find out how easy it is to hack into another person's Snapchat account using this simple technique. The more advanced version of this type of attack, called a "person in the middle" attack, uses eavesdropping: it allows hackers connected to a public wireless network to capture your password when you enter it into a particular site or service while you are both connected to the same network. Both techniques have been in use for a number of years, but that does not mean they have ceased to pose a threat.

How to protect your passwords?
There are many things you can do to block these techniques – add another authentication factor to the login process, manage passwords more effectively, or take steps to prevent theft in the first place. Consider the following options:
– Use only strong and unique passwords or passphrases for all online accounts – especially for bank accounts, email and social media
– Avoid reusing the same passwords in different accounts
– Add 2-step verification to all your accounts
– Use a password manager that will store strong and unique passwords for each site and account and make logging in to sites simple and secure
– Change your password immediately if a provider tells you that your information may have been leaked
– Connect only to sites that use HTTPS
– Do not click on links and do not open attachments in emails from addresses you do not know
– Download apps only from official app stores
– Invest in strong and reliable security software for each of your devices
– Beware of people peeking over your shoulder in public spaces
– Do not log in to any account while you are connected to a public wireless network. If you must use such a network, use a VPN
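
The advice on unique passwords, and the guessing section's warning about reusing a password "with a slight change", can be checked mechanically. The following Python sketch is an added example, not code from ESET or the article: the vault contents are constructed, and the character-swap table and the `base_form` and `audit` names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# The three passwords the article names among the most common of 2020.
COMMON = {"123456", "123456789", "password"}
# Character swaps people use when "slightly changing" a password (assumed list).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})
# Constructed sample standing in for a password-manager export: account -> password.
SAMPLE_VAULT = {
    "bank": "Sunshine2020!",
    "email": "sunshine#1",
    "streaming": "123456",
    "social": "123456",
    "forum": "P@ssw0rd1",
    "shop": "correct-horse-battery-staple",
}


def base_form(password: str) -> str:
    """Reduce a password to its core so near-duplicates compare equal."""
    core = password.lower()
    # Drop digits and punctuation prepended or appended to the word.
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", core)
    # An all-digit password has no word core, so it is kept whole.
    return (stripped or core).translate(LEET)


def audit(vault: dict[str, str]) -> dict[str, list[str]]:
    """Map each account to the problems found with its password."""
    by_exact, by_base = defaultdict(list), defaultdict(list)
    for account, pw in vault.items():
        by_exact[pw].append(account)
        by_base[base_form(pw)].append(account)
    common_bases = {base_form(p) for p in COMMON}
    findings = {}
    for account, pw in vault.items():
        issues = []
        if pw in COMMON:
            issues.append("common password")
        elif base_form(pw) in common_bases:
            issues.append("variant of a common password")
        if len(by_exact[pw]) > 1:
            issues.append("reused")
        elif len(by_base[base_form(pw)]) > 1:
            issues.append("slight variation of another password")
        if issues:
            findings[account] = issues
    return findings
```

Calling `audit(SAMPLE_VAULT)` flags every account except `shop`, whose passphrase is neither common nor shared with another account.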
