NEW!!! GET HELP FROM A DISTANCE! Call (512)560-2609 or email and set up a time for a session.

Thursday, August 22, 2019

PROTECTING YOUR PASSWORDS - Learn how people are stealing them!

The following article was sent to me by Chris Jones @turnonVPN. Since it fits so well into what this blog is about I am glad to share it with you. 

If you are like most people, you have once wondered how hackers are making it to
the numerous accounts you hear they breach every day. Hearing that these hackers
got access to some 3 billion accounts under the watchful eyes of Yahoo makes
it obvious that they don’t go around trying to hack into accounts one
after the other. Fortunately, it is not rocket science. Here are some of the
common tactics out there:

1. Dictionary Attack

This form of attack is just like the name, and even the most inexperienced of hackers
will try it out. It goes on the line of using dictionary words to try and find out what your
password could be. A password file will be fed to a computer algorithm, and that algorithm
will run all possible combinations until it gets the exact combination of words you
are using. It needs no telling that this will be the surest bet against a passphrase.
When that doesn’t work...
2. Hybrid Attack
Some users will prefer to have words and numbers in their password combinations rather
than just words. This is even common for users who believe they are better protected when
using a combination of words and symbols –  as we have in ‘p@ssw0rd.
The thing here is that a dictionary might have the word ‘password,’ but it would
surely not have that unique combination above. That is where a hybrid attack steps in
to take care of things. Running through the possible combination of dictionary words and
symbols which could be used with them, they will fish out passwords with special
characters in no time.
3. Brute Force Attacks

We need not tell you anymore that these attacks have not come to be subtle. They are
probably the granddaddy of all internet hacks and will be the most favored tool of
sophisticated hackers. Given the kind of resources and time that goes into using this
approach, it is no surprise that only the top hackers will want to go for it.
Brute force attackstrain an algorithm with all the possible words, numbers, symbols
and other special characters which could be used in a password. With a strong
processing power, the computer runs through millions of possible combinations
in mere minutes to hours. The algorithm will keep trying till it uncovers whatever
combination the password comes with.

4. Man in The Middle Attacks

The interesting thing about this form of attack is that it doesn’t even require running some
algorithm with the aim of getting your passwords. Much like phishing attempts
(we discuss this below), the user will be the one giving their passwords to the attacker –
in a way.This attack will most likely happen when you’re browsing the web on an
unencrypted network. Such networks are closer to you than you think –
think public Wi-Fi networks. 
Due to the lack of encryption, a hacker could place themselves between your computer’s
connection (the source server) and the website/ app/ platform (target server) you are
accessing on the web. This means any information you send to that target server
can be seen and hijacked by the hacker before it gets there.Think of all the
password information they could harvest this way. Just think about it.

5. Phishing Attacks

While brute force might be a force to reckon with (all pun intended) when it comes to going
all the way, phishing attacks take the crown for the most common form of attack.They
start off with that unassuming email that promises a user that they won a contest, need to
handle something in their bank or any other thing of the sort.  The email is usually
accompanied by a link which leads the user to a website that looks like one they trust,
and they are required to enter their login information. Unknown to these users,
entering such login details will send the information to such hackers.
In turn, the hackers can use those details to access the actual site of which they
have created a decoy. This form of attack is as sinister as it is brilliant.

Staying Safe from Hackers

The good news is that you are not helpless against these elements. The problem is that
password habits are on the decline, and it is becoming even easier for hackers to get
what they want these days. All that can be curbed only if everyone would use
strong and random passwords for their accounts. 
This is best achieved by:
  • Using online password generating software to create passwords for each and
every account you open
  • Downloading a password manager to handle your passwords so you
don’t have to remember them
  • Never share your passwords with anyone
With those, you can be sure of having a password that will take several years to crack!

No comments:

Post a Comment