19 December 2014

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

540Posts 1,361,068Views 59Comments

What Makes My Passwords Vulnerable?

20 November 2012  |  2080 views  |  0

There is no such thing as a truly secure pass­word. There are only more secure or less secure passwords. Passwords are currently the most convenient and effective way to control access to your accounts.

Most people aren’t aware of the numerous com­mon techniques for cracking passwords:

Dictionary attacks: There are free online tools that make password cracking almost effortless. Dictionary attacks rely on software that automatically plugs com­mon words into password fields. So, don’t use dictionary words, slang terms, common misspellings, or words spelled backward. Avoid consecutive keyboard combinations such as qwerty or asdfg.

Cracking security questions: When you click the “Forgot Password” link within a webmail service or other website, you’re asked to answer a question or series of questions to verify your identity. Many people use names of spouses, kids, other relatives, or pets in security questions or as passwords themselves. These types of answers can be deduced with a little research, and can often be found on your social media profile. Don’t use traceable personal information in your security questions or passwords.

Simple passwords: When 32 million passwords were exposed in a breach last year, almost 1% of victims were using 123456. The next most popular password was 12345. Other common choices are 111111, princess, qwerty, and abc123. Avoid these types of passwords, which are easily guessed.

Reuse of passwords across multiple sites: When one data breach compro­mises passwords, that same login infor­mation can often be used to hack into users’ other accounts. Two recent breaches revealed a password reuse rate of 31 percent among victims. Reusing passwords for email, banking, and social media accounts can lead to identity theft.

Social engineering: As previously described, social engineering is the act of manipulating others into performing cer­tain actions or divulging confidential information, and can be used as an alter­native to traditional hacking. Social engineering can be employed to trick tar­gets into disclosing passwords.

One day we will develop a truly secure password, perhaps a cross-pollination of various access control tools such as biometrics, dynamic-based biometrics, image-based access, and multi-factor authentication. In the meantime, protect your information by creating a secure password that makes sense to you, but not to others.

Use different passwords for each of your accounts.

Be sure no one watches as you enter your password.

Always log off if there are other people in the vicinity of your laptop or other device. It only takes a moment for some­one to steal or change your password.

Use comprehensive security software and keep it up to date to avoid keystroke log­gers and other malware.

Avoid entering passwords on computers you don’t control, such as at an Internet café or library. These computers may have malware that steals passwords.

Avoid entering passwords when using unsecured Wi-Fi connections, such as at an airport or in a coffee shop. Hackers can intercept your passwords and other data over this unsecured connection.

TagsSecurity

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Robert

Social Media Identity Theft leads to Arrest

28 minutes ago  |  115 views  |  0  |  Recommends 0 TagsSecurity

Card Company's boosting Payment Security with Mobile

18 December 2014  |  676 views  |  0  |  Recommends 0 TagsSecurity

Chip and PIN, will It save Us?

17 December 2014  |  807 views  |  0  |  Recommends 0 TagsSecurity

Russian Hackers getting rich from your Identity

10 December 2014  |  1253 views  |  0  |  Recommends 0 TagsSecurity

Chip and PIN vs. Chip and Signature Cards

08 December 2014  |  1291 views  |  1  |  Recommends 0 TagsSecurity

Robert's profile

job title Security Analyst
location Boston
member since 2010
Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

Robert's expertise

Who is commenting on Robert's posts

Iain Montgomery
Otmane EL RHAZI
Ketharaman Swaminathan
Boris Taratine
Michael Rosenstein
Fred Pyziak
Matt Scott
Paul Love
Mike McCormack