27 August 2015

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com


Lessons learned from a password attack

04 January 2014

Millions of passwords can easily be stolen by hacking into Facebook, Twitter and Gmail accounts. It recently happened when malware, unknowingly downloaded onto computers worldwide, extracted log-in information; the data was then sent to the hackers’ server, which was tracked to the Netherlands.

No password is 100 percent secure; a password is only more or less secure than others. Passwords can be cracked in many ways:

Cracking security questions. It seems that most people use easily-traceable names for their secret question when registering a password, such as names of family members and schools they attended. This information is often on their social media profiles and, with a bit of legwork, can be figured out. Often, passwords include these names as well.

Simple passwords. The passwords 123456, abc123, 11111, etc., are easy to type out and are also among the most common, and thus easily guessed. “Princess” and “qwerty” are also commonly used.

Using the same passwords for different sites. One-third of data-breach victims in a recent attack had been reusing passwords. Password reuse for social media, banking and e-mail opens the gate to identity theft.

Dictionary attacks. Software exists that will run any word that’s found in a dictionary (or commonly misspelled words) into the password field. If you use these words, the software will eventually score a hit.

Social engineering. This is when a thief tricks a user into revealing a password (often by sending an “urgent” e-mail informing the user to visit a site where he “must” type in his password).

There is still hope that one day a way to design a 100 percent secure password will be developed, perhaps through a fusion of biometrics, multi-factor authentication and image-based access.

What can you do in the meantime?

  • Use non-traceable words for passwords and answers to secret questions.
  • Avoid using passwords that flow easily off your fingertips like 67890, asdfg, etc.
  • Never reuse passwords. Passwords for all accounts should be very different from each other.
  • Invent names for your passwords that can’t be found anywhere. Avoid phonetic variations of common words or proper names. Don’t use backwards-spelled words.
  • Make sure nobody can see you enter your password.
  • Always log off if other people are nearby no matter how briefly you’ll be away.
  • Use up-to-date comprehensive security software.
  • Never use your password on a public computer.
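As an added example (not code from the original post), the following Python script turns the rules above into a check that runs before a new password is accepted: it flags the common passwords named earlier, dictionary words spelled forwards, backwards or with digit substitutions, keyboard-row sequences such as asdfg and 67890, and reuse against fingerprints of passwords already in use on other accounts. The wordlists and candidate passwords are constructed samples.

```python
import hashlib
import re

# Constructed sample wordlists; a real deployment would load a common-password
# feed and a full dictionary instead of these few entries.
COMMON_PASSWORDS = {"123456", "abc123", "11111", "princess", "qwerty", "password"}
DICTIONARY_WORDS = {"princess", "password", "summer", "dragon", "welcome", "boston"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# Common digit/symbol substitutions undone before the dictionary lookup.
LEET = str.maketrans("4301$57@", "aeoissta")

def keyboard_walk(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, in either direction (asdfg, 67890, 0987)."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            chunk = row[i:i + run]
            if chunk in low or chunk[::-1] in low:
                return True
    return False

def dictionary_hit(pw):
    """True if the alphabetic core of pw is a dictionary word, forwards or backwards,
    after stripping surrounding digits/symbols and undoing substitutions."""
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())   # drop leading/trailing digits and symbols
    core = re.sub(r"[^a-z]", "", core.translate(LEET))     # pr1nc3ss -> princess
    return bool(core) and (core in DICTIONARY_WORDS or core[::-1] in DICTIONARY_WORDS)

def fingerprint(pw):
    """Hash used only to compare a candidate against passwords already in use elsewhere."""
    return hashlib.sha256(pw.encode()).hexdigest()

def evaluate(pw, used_fingerprints=frozenset()):
    """Return the list of rules the candidate violates; an empty list means it passes."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("common")
    if dictionary_hit(pw):
        problems.append("dictionary")
    if keyboard_walk(pw):
        problems.append("keyboard")
    if fingerprint(pw) in used_fingerprints:
        problems.append("reused")
    return problems

if __name__ == "__main__":
    for candidate in ("123456", "Pr1nc3ss!", "ssecnirP2014", "asdfg99", "Vintrel-Mosk-7Quaz"):
        print(candidate, "->", evaluate(candidate) or "ok")
```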
