Hackers are getting smarter and breaches are increasing. Here are the key password threats and how to address them:
2. Users – Got trust issues? Good. Not telling your password to anyone is the best thing you can do. As soon as you share a password you’ve lost control of it. Don’t email or message passwords you use to other people. Yes, sharing one login sometimes means cheaper accounts, but it is also the easiest way to suffer a breach. Keep passwords in a password manager: you can share access from there without the other person ever seeing the password, and some managers can rotate shared passwords automatically for an even higher level of security.
2. Phishing – Yes, stuck record time. Don’t click links in unexpected emails, and if you do, don’t type your credentials into the page that opens. Alert IT or me. Best of all, make sure you have 2FA enabled: a stolen password on its own is then not enough to get in, which reduces your risk massively. One caveat: a phishing page can relay a texted or app-generated code in real time, so where a service offers a hardware security key or passkey, prefer that.
3. Social Engineering – Phone calls from someone pretending to be your IT provider or another expert are increasingly common. Don’t divulge information to callers you don’t know or don’t recognise by voice. Remember: thanks to SIP (internet telephony), the number shown on your phone is easy to spoof, so a familiar caller ID proves nothing. Hang up and call back on a number you already have.
4. Keystroke Logging – Tools are freely available that, once installed, let criminals see everything you type. That makes passwords rather pointless on an infected machine. 2FA limits the damage: a keylogger can capture a one-time code too, but it expires quickly and only works once, and a hardware security key is never typed at all. Ensure you have strong endpoint security (we like ESET AND Malwarebytes – yes, two is better than one) and avoid downloading dubious files (free music, P2P movies and more seedy material are often packed full of malware).
5. Wireless sniffing – Public Wi-Fi is typically insecure, and anyone on the same network can easily watch what you do as you browse. Packet sniffers are tough to combat on a network you don’t control, so stick to HTTPS sites and use a VPN when you are out and about, but here is some good advice. One area of concern I have is office environments. If you have Wi-Fi, please ensure it has been secured and configured correctly: a guest network should be isolated from your internal network, and it is depressing logging onto a guest network and finding servers, printers etc. discoverable. Want to see what you’re up against? Here is a good example
6. Brute Force – Not smelly 70’s Brut. A brute force attack is where a computer automatically tries password after password until one works. The few thousand most common passwords are tried in seconds, so anything on that list is “hacked” almost instantly. Your passwords should be like Andrex – long and strong. Three genuinely random words are far better than a short jumble of numbers and symbols: length is what makes guessing expensive, and words are memorable, whereas most people’s “complex” passwords are short and predictable. (They do need to be random words, not a phrase anyone who knows you could guess.) What is easier to remember? Dogtreerobot or Cj&05Bnw=!? Yeah, exactly. (Did I mention password managers?) If you run an online portal, make sure you can enforce a minimum length and reject common passwords, introduce 2FA, and lock out or slow down repeated failed logins, or at least use the annoying reCAPTCHA method.
7. Dictionary Attacks – This method tries every word in the dictionary, usually with the common tweaks bolted on: a capital first letter, numbers on the end, letters swapped for look-alike digits. In other words, “Ch0co1ate123” isn’t going to fool anyone; cracking tools apply exactly those substitutions automatically. What could you use instead? Chocolatemadeyummy. Three words strung together are tough to crack but easy to remember (obviously, don’t use that one now that it’s on this page).
8. Handed on a plate – The former president of the United States and advert for fake tan, Donald Trump, had his Twitter account hacked in October. Why? Because his password was easy to guess (maga2020 – Make America Great Again 2020). Use your birthday, kids, pets, partner, former schools etc. in your password, or the dog-whistle slogan from your political campaign, and guess what happens? Criminals aren’t daft, so don’t make it easy for them.
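If you run a portal and want to enforce the advice in points 6 to 8, here is what the check looks like in practice. This is an added example, not code from the original post: it rejects short or common passwords (brute force), a single dictionary word dressed up with leetspeak and trailing digits (dictionary attacks, so “Ch0co1ate123” fails while “Chocolatemadeyummy” passes), and anything containing terms that are easy to find out about the user (the maga2020 case). The word lists and sample passwords are constructed stand-ins; a real deployment would load a full dictionary and a breach-derived list of the most common passwords.

```python
import re

MIN_LENGTH = 12

# Constructed sample lists (assumption: real ones are far larger).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "maga2020"}
DICTIONARY = {"chocolate", "dog", "tree", "robot", "yummy", "made", "password", "summer"}

# Substitutions that cracking rule sets try automatically, so they add no strength.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})


def normalise(password):
    """Lower-case, drop trailing digits/symbols, undo leetspeak: "Ch0co1ate123" -> "chocolate"."""
    core = re.sub(r"[^a-z]+$", "", password.lower())
    core = core.translate(LEET)
    return re.sub(r"[^a-z]+$", "", core)


def split_into_words(text, dictionary=DICTIONARY):
    """Split text into the fewest dictionary words (dynamic programming); None if it cannot be done."""
    best = {0: []}
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start in best and text[start:end] in dictionary:
                candidate = best[start] + [text[start:end]]
                if end not in best or len(candidate) < len(best[end]):
                    best[end] = candidate
    return best.get(len(text))


def check_password(password, personal_terms=()):
    """Return (accepted, reason). personal_terms: names, dates, slogans known about this user."""
    if len(password) < MIN_LENGTH:
        return False, f"shorter than {MIN_LENGTH} characters"
    lowered = password.lower()
    for term in personal_terms:
        if term.lower() in lowered:
            return False, f"contains guessable personal term '{term}'"
    core = normalise(password)
    if not core:
        return False, "contains no letters"
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        return False, "common password (possibly with trivial substitutions)"
    words = split_into_words(core)
    if words is not None and len(words) < 3:
        return False, "dictionary word with decoration: " + "+".join(words)
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample passwords from the post, plus a leetspeak classic.
    for candidate in ["Cj&05Bnw=!", "Ch0co1ate123", "P@ssw0rd1234", "Dogtreerobot", "Chocolatemadeyummy"]:
        print(f"{candidate!r}: {check_password(candidate)}")
    print(check_password("MakeAmericaGreatAgain2020", personal_terms=("America",)))
```

The point of the normalisation step is that a cracker gets the leetspeak and the trailing “123” for free, so the check judges the password by what is left once they are stripped. A random string like Cj&05Bnw=! only fails here on length; make it twelve or more characters and it passes, but nobody will remember it, which is why the three-word approach (or a password manager) wins.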
One last thing – Remember to lie! Yes, lying is normally a very bad thing, but security questions asking for your mother’s maiden name and the like are wonderful for criminals, because that sort of information is easy to find out (people on social media typically overshare, which is why advertisers love those platforms). So lie: treat the answer as just another password and keep it in your password manager. For example, my first pet was Red Rum!