Guest Post: Vlad de Ramos has been in the IT industry for more than 22 years with a focus on IT Management, Infrastructure Design and IT Security. He is also a professional business and life coach, a teacher and a change manager. He is a certified information security professional, a certified ethical hacker and forensics investigator and a certified information systems auditor.
According to Verizon’s 2016 Data Breach Investigations Report, more than half of data breach cases are caused by weak or stolen passwords. Phishing scams are still one of the go-to methods of hackers because, as the adage goes, “there’s a sucker born every minute.” How hackers crack passwords depends on several things, including you.
Okay, maybe it’s not entirely a person’s fault. The more vigilant we become, the better hackers become at devising ways to exploit vulnerabilities. They can send you a fake LinkedIn notification to add a connection that contains malware, and you wouldn’t notice because, according to their investigation, it appeals to your digital behavior. Hacking is not the magical on-the-fly operation the movies love to show us. It’s a carefully planned scheme.
Once you slip or get a false sense of security, that’s when man-made vulnerabilities come in. There are a variety of tools out there that can protect you from being hacked, but they can’t stop you from making innocent mistakes. Here are the reasons why passwords are the hacker’s best tool.
Reason #1: One password to rule them all.
We can’t blame you. You probably have a handful of online accounts and memorizing more than five passwords (and changing them regularly) can be such a pain.
Perhaps, just like many people, you have one or two passwords for all of your online accounts. Once a hacker unlocks one, he can unlock them all.
Reason #2: Most passwords are easy to guess.
Many people use a word related to their partners, children, pets, and maybe the city where they live. Since many sites require you to add an alphanumerical figure, many of these passwords are followed by either 0, 1 or even 12345.
In fact, some people use their date of birth as their password. Hackers can easily procure this personal data using a wide range of tools.
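A site can refuse exactly these passwords at signup or password change. The following is an added example, not part of the original post: it rejects a candidate password that is a word from the user's own profile followed by digits, or that contains their date of birth. The profile fields, function names and sample data are hypothetical and constructed for illustration.

```python
import re
from datetime import date

# Common ways a birth date gets typed into a password field.
DATE_FORMATS = ("%d%m%Y", "%m%d%Y", "%Y%m%d", "%d%m%y", "%m%d%y", "%Y")


def personal_words(profile):
    """Lower-cased words (3+ letters) from names of partner, children, pets, city."""
    words = set()
    for value in profile.get("names", []):
        words.update(w for w in re.split(r"[^a-z]+", value.lower()) if len(w) >= 3)
    return words


def birth_renderings(profile):
    """Digit strings a person might use to write their own birth date."""
    born = profile.get("birth_date")
    return {born.strftime(fmt) for fmt in DATE_FORMATS} if born else set()


def weak_reason(password, profile):
    """Return a short reason code if the password is guessable from the profile."""
    lowered = password.lower()
    stem = lowered.rstrip("0123456789")   # part before any trailing digits
    suffix = lowered[len(stem):]          # trailing digits such as 0, 1 or 12345
    if stem in personal_words(profile):
        return "personal-word+digits" if suffix else "personal-word"
    if any(rendering in lowered for rendering in birth_renderings(profile)):
        return "birth-date"
    return None


# Constructed sample profile, as a signup form might already hold it.
SAMPLE_PROFILE = {
    "names": ["Maria Santos", "Rex", "Quezon City"],
    "birth_date": date(1990, 4, 12),
}

if __name__ == "__main__":
    for candidate in ("rex12345", "Santos1", "12041990", "plum-anvil-orbit-77"):
        print(candidate, "->", weak_reason(candidate, SAMPLE_PROFILE) or "accepted")
```

A check like this complements, and does not replace, screening new passwords against lists of already-breached passwords.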
Reason #3: Many of the sites you visit are not prepared for hackers.
While some websites have pretty tight online IT security features, online forums and lifestyle-related sites are not equipped with the same features. Chances are, you’re using roughly the same username and passwords for all of them.
Once a hacker successfully generates several username+password pairings using online tools such as THC Hydra, WWWhack or Brutus, he or she can quickly try them in one of those easily targeted sites. This increases the likelihood of hacking your online accounts.
Reason #4: Many people don’t empty their web browser’s cache.
A hacker knows where to find the juiciest information they can use to hack your password, which is in your browser’s cache. Once a hacker gets hold of your browser history, he or she will know which sites you visit and for what purpose.
While many people reason that this information is safe on their personal devices at home, hackers can breach firewalls and hack your personal network. Easy-peasy for hackers who really want to destroy your life.
Reason #5: Social engineering.
Social engineering is the art of tricking people into giving up their personal information. We’re not just talking about your relationship drama and work history; we’re talking about bank information and personal details that can be used to hack into your online accounts.
Social engineering also enables these hackers to install malicious programs secretly, giving them access to your personal information and control of your personal computer without you knowing it.
But, why do hackers do this and how do people become victimized? The process taps into the core concept of trust. For instance, gaining someone’s trust can be much easier than trying to hack the person’s password from scratch.
Reason #6: Sneaking a peek while you type.
This method is called shoulder surfing. It’s when someone looks over your shoulder while you type in your password. Unless the hacker is someone you personally know, or you logged onto an online account using a public computer, the chances of a hacker getting your password using the shoulder surfing method are pretty slim.
But, it can definitely happen. In cases when the hacker really is someone you know, he can easily trick you into giving him your password using social engineering.
Reason #7: You use public Wi-Fi a lot.
While public Wi-Fi is almost always welcome, the networks that ask you to log onto any of your accounts can be bad news. The username and password combos can easily be stolen, and if you happen to be using the same combo for everything else, the chances of your accounts getting hacked are even higher.
Reason #8: You’re an exploitable employee.
Hacking doesn’t just apply to your personal life, but also to your work. Hackers can use you to gain access to your company’s network. Today, it’s every employee’s job to help protect their company’s assets because hackers will exploit all possible vulnerabilities. More often than not, employees get complacent over time and/or simply tweak their passwords for easy login credentials.
How Hackable are Your Passwords?
Memorizing multiple passwords can be a nuisance and regularly updating them can be a pain. However, these cannot compare to all the trouble you would face if a hacker successfully tapped into your accounts using your string of weak passwords. So, it makes sense to update them regularly and follow tips for creating strong passwords. Be proactive in protecting your online data.