In the past, passwords have kept sensitive information secure for many businesses and consumers alike. However, as technology has evolved, so have the practices of hackers and other cyber thieves. To keep their information from being stolen, many need to constantly upgrade their cybersecurity practices – but where does one start if they know nothing about technology?
We’ll be going over some ways to take your password security to the next level, but first, you should know exactly how hackers get into your accounts. Though there are many other types of cybersecurity attacks (malware, phishing, etc.), only a few infiltrate passwords directly.
A Look at Password Attacks
The two most common types of password attacks are “brute-force” and “dictionary”, and while one definitely sounds scarier than the other, they are equally dangerous – but also equally avoidable. However, there are other ways to hack into someone’s accounts and access their information – we’ll be going over the top three most popular ways.
A Brute-Force Attack is a fancy way of saying “guess and check”. Using every possible combination of letters, numbers, and characters, a brute-force program will go through them one by one, repeating the task until it finds the right password. With that being said, shorter, simpler passwords that don’t contain a lot of unique characters are especially vulnerable to this type of attack.
A Dictionary Attack is a type of brute-force attack, but instead of trying every character combination one at a time, it uses a dictionary to guess popular words used in passwords. It also uses popular names, pet names, characters from TV shows and movies, and even specific number sequences that the hacker thinks will succeed in finding a password. What this means is that if a hacker is targeting a specific person, they can include specific words and names they believe are most likely to be used in that person’s passwords – their kids’ names, birthdays, places, and other significant dates.
Keystroke Logging tracks and records every button you press on your keyboard. It’s the mouse and keyboard version of listening in on a phone call, without the user ever knowing. With keystroke logging, any password, credit card number, or other personal information you enter can and will be recorded and used by hackers to access that information.
Why aren’t my passwords safe enough?
Now that we understand how hackers try to break into your accounts, we can think about ways to prevent this from happening. Because hackers have gotten more and more clever over the years, most passwords are no longer safe. Passwords like “Password” or “Fluffy1” or “[insert favorite child’s name here]123” are extremely easy to crack. Here’s a deeper dive on why the passwords you’re (probably) using right now need an upgrade:
- Your password is too short, even if it is considered ‘strong’ when you create it. Most websites these days will require things like an 8-character minimum, capital letter, number, and/or others. However, meeting these doesn’t automatically mean you’re safe. When creating passwords, the more characters used, the better. For example, “Bananas1!” may work as an acceptable password, but it is not as secure as “ApplesBananasOrangesLemons8419!”.
- With that said, you’re using words found in a dictionary. Looking back at dictionary attacks, lots of commonly used words will be flagged immediately when a hacker uses one to break into an account. Using uncommon words, phrases, and names will keep your password from being detected during an attack.
- You’re using the same password for Every. Single. Account. Now, listen. I get it. Remembering a million different passwords is just not something you can do. But password recycling – the reuse of one password for multiple accounts – is practiced by 68% of people today, and hackers have a field day with multiple accounts all using the same password. When you use one password across several platforms, you’re making each account as insecure as the least secure – and if hackers can get into the least secure account, they have access to all of them.
- You’re not changing your passwords often enough (if at all). Hackers tend to be repeat offenders. Offenders using keystroke loggers will also have a higher chance of stealing information using recorded keystrokes the longer your passwords stay the same. Changing your passwords (once every 3 months is recommended) reduces the risk of multiple attempts to access the same accounts.
What else can I do to make sure my information is safe?
Taking the extra steps to ensure your information is safe is crucial to preventing hackers from breaking into your accounts. Both individuals and businesses are affected by hackers and cyber thieves every year.
- If you’re going to use numbers (which you should), don’t use consecutive or repeating ones. “123456” is the most commonly used sequence in passwords, followed by combinations like “987” and “111111”. Using unique number patterns that are not a birthday or significant date will decrease the risk of your password being cracked.
- Use two-factor authentication. Having two security walls up to protect your information is much better than one, and websites and apps can now offer two-factor authentication (commonly referred to as 2FA) for most of your online accounts to offer you more security than ever before. Apps like Authy and Google Authenticator are worth looking into, especially if you have sensitive and important information that you need extra security for.
- Having a high-quality password management system will keep your new and improved passwords safe and secure. Although it may seem foolish to have all of your passwords in one place, password managers use military-grade encryption so that brute-force attacks are rendered useless. Your passwords are encrypted before they even enter the password manager, making it impossible for anyone outside of it to know what information is stored in there. Choosing a good password management system will allow you to create more complex, safer passwords without the worry of memorizing them.
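The weaknesses listed above (short length, dictionary words, consecutive or repeating digits, and reuse across accounts) can be checked mechanically. The following is an added example, not part of the original article; the function names, the sample word list and the 12-character threshold are assumptions made for illustration.

```python
import math
import re
import string

# Constructed sample list; a real audit would load a large word/name list.
COMMON_WORDS = {"password", "fluffy", "bananas"}
MIN_LENGTH = 12  # assumed threshold, not a figure from the article

def brute_force_bits(pw):
    """Rough size, in bits, of the space a guess-and-check search must cover."""
    pool = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase,
                  string.digits, string.punctuation):
        if any(c in chars for c in pw):
            pool += len(chars)
    return len(pw) * math.log2(pool) if pool else 0.0

def has_digit_run(pw, run=3):
    """True if pw holds `run`+ consecutive or repeated digits (123, 987, 111)."""
    for match in re.finditer(r"\d{%d,}" % run, pw):
        d = [int(c) for c in match.group()]
        for i in range(len(d) - run + 1):
            steps = {d[j + 1] - d[j] for j in range(i, i + run - 1)}
            if steps in ({1}, {-1}, {0}):
                return True
    return False

def audit(pw):
    """Return the weaknesses from the article's lists that apply to pw."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too short")
    if any(word in pw.lower() for word in COMMON_WORDS):
        findings.append("dictionary word")
    if has_digit_run(pw):
        findings.append("digit run")
    return findings

def reused(accounts):
    """Group account names that share one password (input: name -> password)."""
    by_pw = {}
    for name, pw in accounts.items():
        by_pw.setdefault(pw, []).append(name)
    return [sorted(names) for names in by_pw.values() if len(names) > 1]

if __name__ == "__main__":
    for pw in ("Bananas1!", "ApplesBananasOrangesLemons8419!", "123456"):
        print(pw, round(brute_force_bits(pw)), audit(pw))
```

The longer example password from the list above covers a far larger brute-force space than “Bananas1!”, yet it is still flagged for containing a dictionary word, which is why length and word choice are checked separately.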
The tech world is evolving more and more each day. In order to keep up with hackers, we must constantly improve how securely we keep our online information. Taking these precautions will not only help reduce the chances of your information being stolen, but will also set you up to recover any losses you incur in the future.