25 October 2014

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

521 | posts 1,326,318 | views 59 | comments

Lessons learned from a password attack

04 January 2014  |  1464 views  |  0

It’s easy for millions of passwords to be stolen via hacking into Facebook, Twitter and Gmail accounts: It recently happened because malware was unknowingly downloaded into computers worldwide that extracted log-in information. The data was then directed to the hackers’ server, which was tracked to the Netherlands.

A password is never 100 percent secure, but instead, more or less secure than others. Passwords can be cracked in many ways:

Cracking security questions. It seems that most people use easily-traceable names for their secret question when registering a password, such as names of family members and schools they attended. This information is often on their social media profiles and, with a bit of legwork, can be figured out. Often, passwords include these names as well.

Simple passwords. The passwords of 123456, abc123, 11111, etc., are easy to type out and are also among the most common, and thus easily figured out. “Princess” and “querty” are also commonly used words.

Using the same passwords for different sites. One-third of data-breach victims in a recent attack had been reusing passwords. Password reuse for social media, banking and e-mail opens the gate to identity theft.

Dictionary attacks. Software exists that will run any word that’s found in a dictionary (or commonly misspelled words) into the password field. If you use these words, the software will eventually score a hit.

Social engineering. This is when a thief tricks a user into revealing a password (often by sending an “urgent” e-mail informing the user to visit a site where he “must” type in his password).

There is still hope that one day a way to design a 100 percent secure password will be developed, perhaps through a fusion of biometrics, multi-factor authentication and image-based access.

What can you do in the meantime?

  • Use non-traceable words for passwords and answers to secret questions.
  • Avoid using passwords that flow easily off your fingertips like 67890, asdfg, etc.
  • Never reuse passwords. Passwords for all accounts should be very different from each other.
  • Invent names for your passwords that can’t be found anywhere. Avoid phonetic variations of common words or proper names. Don’t use backwards-spelled words.
  • Make sure nobody can see you enter your password.
  • Always log off if other people are nearby no matter how briefly you’ll be away.
  • Use up-to-date comprehensive security software.
  • Never use your password on a public computer.

TagsSecurity

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Robert

5 ways Criminals hack your PC

3 hours ago  |  285 views  |  0  |  Recommends 0 TagsSecurity

2 Ways to Prevent Military Identity Theft

24 October 2014  |  391 views  |  0  |  Recommends 0 TagsSecurity

3 Stupid Simple Tips to protect your Identity

22 October 2014  |  717 views  |  0  |  Recommends 0 TagsSecurity

6 Ways to prevent Social Engineering Attacks

14 October 2014  |  626 views  |  0  |  Recommends 0 TagsSecurity

7 ways to prevent Data Theft when traveling

10 October 2014  |  629 views  |  0  |  Recommends 0 TagsSecurity
name

Robert Siciliano

job title

Security Analyst

company name

IDTheftSecurity.com

member since

2010

location

Boston

Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations througho...

Robert's expertise

Who is commenting on Robert's posts

Otmane EL RHAZI
Ketharaman Swaminathan
Boris Taratine
Michael Rosenstein
Fred Pyziak
Matt Scott
Paul Love
Mike McCormack