28 August 2014

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

506 | posts 1,296,040 | views 59 | comments

Lessons learned from a password attack

04 January 2014  |  1432 views  |  0

It’s easy for millions of passwords to be stolen via hacking into Facebook, Twitter and Gmail accounts: It recently happened because malware was unknowingly downloaded into computers worldwide that extracted log-in information. The data was then directed to the hackers’ server, which was tracked to the Netherlands.

A password is never 100 percent secure, but instead, more or less secure than others. Passwords can be cracked in many ways:

Cracking security questions. It seems that most people use easily-traceable names for their secret question when registering a password, such as names of family members and schools they attended. This information is often on their social media profiles and, with a bit of legwork, can be figured out. Often, passwords include these names as well.

Simple passwords. The passwords of 123456, abc123, 11111, etc., are easy to type out and are also among the most common, and thus easily figured out. “Princess” and “querty” are also commonly used words.

Using the same passwords for different sites. One-third of data-breach victims in a recent attack had been reusing passwords. Password reuse for social media, banking and e-mail opens the gate to identity theft.

Dictionary attacks. Software exists that will run any word that’s found in a dictionary (or commonly misspelled words) into the password field. If you use these words, the software will eventually score a hit.

Social engineering. This is when a thief tricks a user into revealing a password (often by sending an “urgent” e-mail informing the user to visit a site where he “must” type in his password).

There is still hope that one day a way to design a 100 percent secure password will be developed, perhaps through a fusion of biometrics, multi-factor authentication and image-based access.

What can you do in the meantime?

  • Use non-traceable words for passwords and answers to secret questions.
  • Avoid using passwords that flow easily off your fingertips like 67890, asdfg, etc.
  • Never reuse passwords. Passwords for all accounts should be very different from each other.
  • Invent names for your passwords that can’t be found anywhere. Avoid phonetic variations of common words or proper names. Don’t use backwards-spelled words.
  • Make sure nobody can see you enter your password.
  • Always log off if other people are nearby no matter how briefly you’ll be away.
  • Use up-to-date comprehensive security software.
  • Never use your password on a public computer.

TagsSecurity

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Robert

Best Way to Destroy a Computer Virus

17 hours ago  |  437 views  |  0  |  Recommends 0 TagsSecurity

How to tell if your Computer has a Virus

25 August 2014  |  791 views  |  0  |  Recommends 0 TagsSecurity

Prepaid Cards risk of Fraud

22 August 2014  |  1086 views  |  0  |  Recommends 0 TagsSecurity

Beware of 5 Summertime Scams

17 August 2014  |  843 views  |  0  |  Recommends 0 TagsSecurity

The Role of Antivirus Software

16 August 2014  |  1790 views  |  2  |  Recommends 0 TagsSecurity
name

Robert Siciliano

job title

Security Analyst

company name

IDTheftSecurity.com

member since

2010

location

Boston

Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations througho...

Robert's expertise

Who is commenting on Robert's posts

Boris Taratine
Michael Rosenstein
Fred Pyziak
Matt Scott
Spyindiavimlesh kumar
Paul Love
Ketharaman Swaminathan
Mike McCormack