19 April 2014

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

478 | posts 1,244,321 | views 57 | comments

Lessons learned from a password attack

04 January 2014  |  1338 views  |  0

It’s easy for millions of passwords to be stolen via hacking into Facebook, Twitter and Gmail accounts: It recently happened because malware was unknowingly downloaded into computers worldwide that extracted log-in information. The data was then directed to the hackers’ server, which was tracked to the Netherlands.

A password is never 100 percent secure, but instead, more or less secure than others. Passwords can be cracked in many ways:

Cracking security questions. It seems that most people use easily-traceable names for their secret question when registering a password, such as names of family members and schools they attended. This information is often on their social media profiles and, with a bit of legwork, can be figured out. Often, passwords include these names as well.

Simple passwords. The passwords of 123456, abc123, 11111, etc., are easy to type out and are also among the most common, and thus easily figured out. “Princess” and “querty” are also commonly used words.

Using the same passwords for different sites. One-third of data-breach victims in a recent attack had been reusing passwords. Password reuse for social media, banking and e-mail opens the gate to identity theft.

Dictionary attacks. Software exists that will run any word that’s found in a dictionary (or commonly misspelled words) into the password field. If you use these words, the software will eventually score a hit.

Social engineering. This is when a thief tricks a user into revealing a password (often by sending an “urgent” e-mail informing the user to visit a site where he “must” type in his password).

There is still hope that one day a way to design a 100 percent secure password will be developed, perhaps through a fusion of biometrics, multi-factor authentication and image-based access.

What can you do in the meantime?

  • Use non-traceable words for passwords and answers to secret questions.
  • Avoid using passwords that flow easily off your fingertips like 67890, asdfg, etc.
  • Never reuse passwords. Passwords for all accounts should be very different from each other.
  • Invent names for your passwords that can’t be found anywhere. Avoid phonetic variations of common words or proper names. Don’t use backwards-spelled words.
  • Make sure nobody can see you enter your password.
  • Always log off if other people are nearby no matter how briefly you’ll be away.
  • Use up-to-date comprehensive security software.
  • Never use your password on a public computer.

TagsSecurity

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Robert

Financial Services and Retail band together to fight Fraud

17 April 2014  |  557 views  |  0  |  Recommends 0 TagsSecurity

This Earth Day Clean Your Device Before You Recycle It

16 April 2014  |  436 views  |  0  |  Recommends 0 TagsSecurity

Protecting Your Business's Data From Organized Crime

15 April 2014  |  795 views  |  0  |  Recommends 0 TagsSecurity

Beware of the One Ring Scam

09 April 2014  |  677 views  |  1  |  Recommends 0 TagsSecurity

Workplace Violence 12 Signs Of A Dangerous Person

08 April 2014  |  482 views  |  0  |  Recommends 0 TagsSecurity
name

Robert Siciliano

job title

Security Analyst

company name

IDTheftSecurity.com

member since

2010

location

Boston

Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations througho...

Robert's expertise

Who is commenting on Robert's posts

Paul Love
Ketharaman Swaminathan
Mike McCormack