Passwords have become the curse of modern society for many people!
With lots of different ones to remember, it’s not surprising
that many of us choose the easy route and use simple passwords.
In fact, the most commonly used passwords are:
- 1234567
- password
- abc123
- qwerty
- 111111
No wonder the hackers are so successful!
If you want to keep your systems and data safe, strong and secure
passwords are essential. Here are some tips on creating hacker-proof
passwords, based on our knowledge of the techniques which hackers
use.
The Hackers’ Top 10 Ways to Crack Passwords
1. Dictionary Attack
Hackers use software which goes through a file containing words
found in a dictionary. Simple but effective.
2. Brute Force Attack
This goes beyond the simple dictionary method, working through
all possible alpha-numeric combinations from aaa1 to zzz10.
3. Rainbow Table Attack
Most computer systems don’t store passwords directly; they store a
scrambled version of each one called a ‘hash.’ A rainbow table attack
compares a stolen password hash against a large table of precomputed
hashes. When it finds a match, it can identify the original password.
4. Phishing
The easiest way of all for the hackers! In a phishing attack the
unsuspecting user actually gives the hacker their password!
By clicking on a link in an email or opening an attachment, the
user is taken to a fake login page and asked to confirm their username
and password. Their details are then stored for the hacker to use.
5. Social Engineering
A simple technique is to find out the names of family members and
pets from social media and use these to guess your password.
A more sophisticated technique is to send phishing emails based
on your social media activity. For example, the hacker might notice
that you have complained about a company on social media. They will
send you a fake apology email from that company, with the offer
of some compensation if you click on a link in the email.
6. Malware
Malicious software, or malware, can be installed on your computer
to record everything you type or to take screenshots during the
login process. This information is then sent to the hacker.
7. Offline Cracking
Often a computer system is hacked into without the business realising.
This gives the hackers as long as they need to gather data, including
encrypted user passwords, from the company’s servers, and
then to crack the encryption code, without alerting the unsuspecting
business.
8. Shoulder Surfing
Be careful if you are typing your password when there are other
people around. Make sure no-one is looking over your shoulder.
9. Spidering
Experienced hackers have realised that many corporate passwords
are made up of words connected to the business. By gathering data
from company literature, the company’s website, and sometimes
the websites of competitors and customers, hackers can compile a
list of words for use in a brute force attack.
10. Guesswork
As we mentioned above, a simple social engineering technique is
to check your social media chats and profiles and make a few educated
guesses about what your password might be.
Choose a Secure Password
So how do you confound the hackers?
To prevent attack, choose a password according to the following
guidelines:
- Don’t include your username
- Use at least six characters
- Include characters from 3 of the following groups:

| Description | Examples |
| --- | --- |
| Lowercase letters | a, b, c |
| Uppercase letters | A, B, C |
| Numerals | 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 |
| Symbols (all characters not defined as letters or numerals) | ` ~ ! @ # $ % ^ & * ( ) _ + - = { } \| [ ] \ : " ; ' < > ? , . / |
Remember passwords are case-sensitive and may contain as many as
127 characters!
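To make the guidelines above concrete, here is an added Python checker (not from the original article) that applies them and also rejects the most commonly used passwords listed at the top of the page; the function names and the case-insensitive username test are my own assumptions.

```python
import string

# Guidelines from the article: at least six characters, at most 127,
# must not contain the username, and must draw on at least 3 of the
# 4 character groups (lowercase, uppercase, numerals, symbols).
MIN_LENGTH = 6
MAX_LENGTH = 127
REQUIRED_GROUPS = 3

# The most commonly used passwords named at the top of the article.
COMMON_PASSWORDS = {"1234567", "password", "abc123", "qwerty", "111111"}

# Assumption: ASCII letters/digits only; anything else (including
# accented letters) falls into the "symbols" group, as the table defines it.
GROUPS = {
    "lowercase": set(string.ascii_lowercase),
    "uppercase": set(string.ascii_uppercase),
    "numerals": set(string.digits),
}


def character_groups(password):
    """Return the set of character-group names the password draws on."""
    found = set()
    for ch in password:
        for name, chars in GROUPS.items():
            if ch in chars:
                found.add(name)
                break
        else:
            found.add("symbols")
    return found


def check_password(password, username=""):
    """Return a list of guideline violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(password) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if password in COMMON_PASSWORDS:
        problems.append("is one of the most commonly used passwords")
    # Case-insensitive: 'Alice' hidden inside 'alice2024!' is still a giveaway.
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    groups = character_groups(password)
    if len(groups) < REQUIRED_GROUPS:
        problems.append(f"uses only {len(groups)} of {REQUIRED_GROUPS} required character groups")
    return problems
```

Note that the passphrase example ‘bucket-zebra-avocado’ only uses two groups (lowercase and symbols), so a strict 3-of-4 rule would reject it even though the article recommends it; length, not character mix, is what makes a passphrase hard to crack.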
Choose passwords that meet the above criteria and you give yourself
the best possible chance of foiling the attackers.
Another option is to use ‘passphrases’: a phrase which
is quite long but easy to remember. These are very hard to crack.
One recommended method is to use 3 unrelated words, e.g. ‘bucket-zebra-avocado’.
To summarise:
- Never give your password to anyone
- Don’t use one password across a number of systems
- Consider using a passphrase
- Make your passwords at least 10 characters long
- Include numbers, capital letters and symbols
- Consider using a password manager e.g. 1Password
- Consider using multi-factor authentication. This is where a
code is sent to another of your devices before you can log in
- Be aware of phishing attacks
- Make sure your devices are secure
- Use a password or fingerprint for your phone too