Password Safety Series: Password-Related Threats
Passwords are the key to our online identities. Behind our passwords lives our most sensitive information: bank records, finances, medical information, photos, and more. This is the kind of information cyber criminals will work tirelessly to access. Is your password up to the task?
Our password series will focus on different types of password-related threats and the tools and strategies available to protect our accounts.
Hackers use automated tools to figure out passwords. The length and complexity of a password is directly related to how quickly it can be decoded. Simple passwords are cracked in a fraction of a second, while complex passwords are almost unbreakable. Simple passwords can be dictionary words or sequential numbers or letters (either on the keyboard or in the alphabet).
Below are the worst passwords of 2019, according to Splashdata, based on five million leaked or breached passwords.
1 – 123456
2 – 123456789
3 – qwerty
4 – password
5 – 1234567
6 – 12345678
7 – 12345
8 – iloveyou
9 – 111111
10 – 123123
We talk a lot about phishing on the blog. One consequence of falling for a phish is divulging sensitive information like a password. In some phishing attacks, a link will lead to a fake login page. If you enter your password on one of these fake pages, it goes straight to the hacker. In other phishing attempts, a link in a phishing email may unleash malware that contains keystroke logging, which can also capture your passwords and deliver them to the hacker.
Password Recovery Systems
When you sign up for a new account, you may be asked to answer some personal questions that range from your mother’s maiden name to your high school mascot. These questions and answers are used when you forget your password and have to use the website’s built-in password recovery system. If you answer these questions honestly, how easy might it be for someone to research the answers? Your answers might be right there on your public social media account or found in a quick web search. In this case, the hacker doesn’t get your password, but he does gain control of your account.
Do you have a favorite password? The first one that pops into your head as you create a new account; the one you can always remember without having to think about it. While reusing a password is convenient, it can also be a major problem. When you reuse a password, every account that shares that password is at risk of being compromised. If one account is breached, a hacker may try that login information on multiple websites. Or, the login information might be published on the web for others to exploit.
Next week, we will cover the technologies and strategies available to help us protect our accounts.