Why Your Passwords Aren’t Strong Enough
Do you use the same password for everything? Or do you have a couple that you interchange? If the answer is yes, you’re not alone. Most people aren’t aware of how important it is to protect themselves against cyber-attacks. Over the last couple of years, there has been a huge rise in cybercrime, and it’s mainly because people think that hackers won’t target them.
You’ve probably heard people saying: “I’ve got nothing to hide, bring it on” or “hackers only target rich people”. Unfortunately, this is simply not true. A lot of cyber-attacks are random, and hackers aren’t targeting anyone in particular. In this article, we’re going to explain why your passwords aren’t strong enough and what you can do to improve them.
WHY ARE THEY NOT GOOD ENOUGH?
One Password
If you have one password for everything, there is one obvious problem. If a hacker manages to get hold of your password, they can get into everything you have online. That means your social media accounts, banking apps, and email are all at risk. Hackers can then use this sensitive information to blackmail you, make a purchase, or just trick you into sending money. You might not think you have anything to hide, but it’s amazing how much sensitive information we publish online without realising it.
Multiple Passwords
If you’re a bit more safety-conscious and have a couple of passwords, you’re still at risk. Cybercrime is a lot more sophisticated than it used to be and hackers can use software to quickly try your passwords in multiple different apps and services.
Personal Information Passwords
The other problem is that we tend to use personal information for our passwords. Think about this – you have a dog called Spot that you post about on Instagram all the time. You might use the password ‘spot123’ or ‘ilovespot’. The hacker can easily access your Instagram, find out the name of your dog, and try different passwords. And it’s not just pet names. If you use your favourite band, favourite TV show, best friend’s name, or anything that people can relate back to you, you’re at risk.
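The three problems above (one password everywhere, a few rotated passwords, passwords built from personal details) can be checked on your own accounts. The following is an added example, not part of the original article: the vault entries, the `audit` function and the letter-swap table are constructed for illustration.

```python
from collections import defaultdict

# Undo common digit-for-letter swaps (0->o, 1->i, 3->e, 4->a, 5->s, ...)
# so that 'sp0t' is still recognised as 'spot'.
LEET = str.maketrans("0134578@$", "oieastbas")

# Constructed sample export: (service, password) pairs.
SAMPLE_VAULT = [
    ("instagram", "spot123"),
    ("email", "spot123"),
    ("bank", "ilovespot"),
    ("forum", "5p0t!2024"),
    ("shop", "Twenty soldiers fought bravely despite the bad weather"),
]

def audit(vault, personal_words):
    """Return (reused, personal).

    reused   -- groups of services that share one password
    personal -- service -> personal words found inside its password
    Passwords themselves are never returned, only service names.
    """
    by_password = defaultdict(list)
    for service, password in vault:
        by_password[password].append(service)
    reused = sorted(sorted(s) for s in by_password.values() if len(s) > 1)

    personal = {}
    for service, password in vault:
        normalised = password.lower().translate(LEET)
        hits = [w for w in personal_words if w.lower() in normalised]
        if hits:
            personal[service] = hits
    return reused, personal

if __name__ == "__main__":
    reused, personal = audit(SAMPLE_VAULT, ["Spot"])
    print("shared password:", reused)
    print("contains personal details:", personal)
```
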
HOW DO HACKERS GUESS YOUR PASSWORD?
Sun Tzu said in The Art of War: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” To make sure your data is secure, it’s important to know how hackers can attack you. Here are some of the different methods they use.
Mass Data Breach
Every now and again, there will be a large data breach. The biggest ever was in 2013, when Yahoo lost the data from 1 billion accounts. When this happens, hackers can buy these log-in details and hashed passwords, then use a tool like Sentry MBA to try them against other accounts. For example, they could use the log-in details and passwords to try and access millions of different Facebook accounts. They’ll probably get into one in a thousand accounts, but if the numbers are big enough, it can affect thousands of people. If you have the same password for two or more different services, you are at risk of this kind of attack.
Wi-Fi Traffic Monitoring
Have you ever connected to public Wi-Fi? You’ve probably done it without even thinking about it. You simply entered your email and a password you normally use, and started browsing. The problem is that hackers can monitor all of the traffic on a public network. When you enter your username and password, an application alerts them, and they can intercept the data. Then, they have the password that you use for all of your accounts.
Phishing Attacks – Tab Nabbing
Despite the misspelt name, phishing attacks are exactly what they sound like – hackers are fishing for your data. For example, they might send you an email asking you to confirm your details to finish making a purchase. It looks like a legitimate email from your bank so you happily key in your details. Before you know it, they’ve got access to your bank account.
Phishing Attacks – Key Logger
This is a similar type of attack to the last one. You press a link in a legitimate-looking email, and it inserts JavaScript code into your browser. Now, the hacker gets sent a record of everything you type into the computer, including your usernames and passwords.
Brute Force Attacks
This is the simplest form of cyber-attack. The hacker will use a tool that will systematically guess passwords until it finds the right one. That means, if you use a common password like 123456 (yep, people still use that as a password), the tool will guess it pretty quickly.
HOW TO IMPROVE YOUR PASSWORD SECURITY
Use Long Passphrases Instead of Passwords
In the early days of the internet, people were taught to make their passwords more complicated. Common techniques included replacing letters with numbers, capitalising letters, and adding symbols. For example, instead of using ‘sharon123’ you would use ‘5hAr0n123**’. The second password is definitely better than the first, but it’s still pretty easy for hackers to guess.
Nowadays, cybersecurity experts are telling us to use passphrases instead of passwords. A passphrase is longer than a password and contains spaces between the words. For example: ‘Twenty soldiers fought bravely despite the bad weather’. This is much harder for hackers to guess, and you can make it even more secure by adding symbols and numbers. The phrase doesn’t have to make grammatical sense either.
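To put numbers on the difference between ‘5hAr0n123**’ and a passphrase, here is an added example (not from the original article) that generates a passphrase and compares the two guessing spaces. It goes beyond the text by picking the words at random, because the calculation only holds for random choices; the word list, the guessing model for the mutated word and the guessing rate are all assumptions.

```python
import math
import secrets

# Constructed 16-word sample so the block runs offline. A real list should be
# far larger; diceware-style lists hold 7776 words.
SAMPLE_WORDS = ["anchor", "bravely", "cactus", "despite", "ember", "fought",
                "glacier", "harbor", "island", "jungle", "kettle", "lantern",
                "soldiers", "twenty", "weather", "zephyr"]

def generate_passphrase(words, count=6, sep=" "):
    """Join `count` words picked uniformly at random with a CSPRNG."""
    return sep.join(secrets.choice(words) for _ in range(count))

def passphrase_bits(list_size, count):
    """Entropy in bits; valid only when every word is chosen at random."""
    return count * math.log2(list_size)

def mutated_word_bits(dictionary_size, letters, swappable, suffix_count):
    """Assumed guessing model for the '5hAr0n123**' pattern: one dictionary
    word, each letter upper or lower case, each swappable letter replaced
    by a digit or not, then one suffix from a list of common endings."""
    return (math.log2(dictionary_size) + letters + swappable
            + math.log2(suffix_count))

def seconds_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try every candidate at the given rate."""
    return 2 ** bits / guesses_per_second

if __name__ == "__main__":
    rate = 1e10  # assumed offline guessing rate against a fast hash
    weak = mutated_word_bits(100_000, letters=6, swappable=3,
                             suffix_count=10_000)
    strong = passphrase_bits(7776, 6)
    print(generate_passphrase(SAMPLE_WORDS))
    print(f"mutated word: {weak:.1f} bits, "
          f"{seconds_to_exhaust(weak, rate):.0f} s")
    print(f"six random words: {strong:.1f} bits, "
          f"{seconds_to_exhaust(strong, rate) / 31_557_600:.2e} years")
```
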
Get A Password Manager
This is the most important method of improving your password security. It is now suggested that you have a different password for every different service you use. With all the different social media accounts, apps, and other services we use, it would be impossible to remember enough passwords. The answer? A password manager.
Apps like 1Password, Dashlane, and LastPass remember all of your passwords and automatically enter them into different websites and apps. They can also be used to generate secure passwords, so you don’t even have to think about it. Just make sure you remember your master password, or you could get locked out of everything.
Set up Two-Step Authorisation
A lot of apps and websites now offer two-step authorisation. So, once you enter your password, it will send an authorisation code to another one of your devices. That means, if a hacker wants to get into your account, they will have to physically steal your phone or tablet. Of course, it means it takes longer to log into your accounts, but it provides an extra level of security.
Hopefully, this article has given you some insight into password security.