In recent years, cyber hacking has been on an exponential rise. Every other day there seems to be a story in the news regarding some form of cyber hacking or IT security breach. One can draw similarities between cyber security and the common cold. “There may not be a cure for either, but there are ways to combat both” (Raposa).
Of the weaknesses that may be present in any IT security system, one of the most common that businesses and individuals face is poor password selection. Hackers have a plethora of ways of stealing passwords, from shoulder surfing to using advanced password cracking software and network analyzers. In a business setting, it’s up to the system administrator to set secure password policies for employees. For personal passwords, it is up to the user to set their desired level of security. However, convenience often outweighs security (“Password Hacking Methods”).
Looking back at some of the most common passwords for 2016, one would be surprised to know that they were “123456”, “123456789” and “password” (“Password Hacking Methods”). With all of the news of security breaches that are happening in today’s society, this is overwhelming. Selecting obvious passwords such as a birthday or favorite color, never changing passwords and reusing passwords across multiple security points tend to be very common among users. It is a field day for hackers when they come across poorly implemented passwords.
Methods for Password Hacking
The methods used to hack passwords range from simplistic to sophisticated. Depending on the hacker’s endgame and the system they are trying to access, they may choose one method over another. As stated earlier, there is not an absolute cure for cyber hacking, only multiple ways to combat it. Knowing how hackers gain access to passwords is the start to understanding how to prevent them from doing so in the future.
Stealing a password is as easy as looking over someone’s shoulder as they type. This form of hacking is known as “shoulder surfing”. Due to the non-technical aspect of this method, this is one of the most common forms of hacking since all it requires is good eyesight. Just by being aware of your surroundings, you will be decreasing your chance of being shoulder surfed (“Password Hacking Methods”).
Weak Password Storage
Depending on the application being used, passwords may be stored locally. Applications such as email or accounting software tend to do this. Once the password is saved locally, it is extremely vulnerable if a hacker gains access to these applications (“Password Hacking Methods”). If prompted with “Would you like the application to remember your password?”, decline the request. It is much better to be safe than sorry, even if it is inconvenient.
Social engineering techniques or “phishing attempts” used by hackers have been the heavy hitter as of late. These techniques often take advantage of the trusting nature of people. Victims are often manipulated into clicking on malicious links and entering usernames and passwords. Google’s Gmail application was hit recently by a social engineering hack. This hack was designed as a bogus Google Doc invite, which asked for permission to access the user’s Gmail account.
There are many more examples of social engineering schemes sent out by hackers every day. It is always best to keep an eye out for any suspicious emails and if something does not look right, reach out to your IT Administrator.
Combating Password Hacks
The above examples are only a few of the popular password hacking methods in use today. It is very important to keep up-to-date on new hacking methods and to stay alert when applications ask for your passwords. To prevent password hacks, follow best practices when creating a password. Listed below are a few examples of password best practices (“Password Hacking Methods”):
- Create lengthy/complex passwords
- Use a combination of both uppercase and lowercase letters
- Use special characters but spread them throughout the password
- Always stay up-to-date with social engineering techniques
- Do not use the same password for multiple security points
- Do not store passwords in an unsecured location
- Change your passwords often
- Have strong password policies in place for employees to follow for a business setting
By following the above criteria, you will not only be benefiting yourself and securing your data but also that of your employer and business. Weak passwords and incorrect password etiquette are still the major downfalls of organizations and businesses in today’s society. When it comes to password security and cyber security, use your best judgement and always reach out to your IT Administrator if something looks suspicious or if you have any questions.
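The password criteria listed above can be checked automatically. The following Python sketch is an added example, not part of the original article; the 12-character minimum, the heuristic for "spread throughout", and the sample accounts are assumptions made for illustration.

```python
import string

# The three most common 2016 passwords quoted in the article.
COMMON_PASSWORDS = {"123456", "123456789", "password"}
MIN_LENGTH = 12  # assumption: the article says "lengthy" without a number


def check_password(password, other_passwords=()):
    """Return the list of criteria a password fails (empty list = passes)."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        problems.append("needs upper and lowercase")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    else:
        # Heuristic (assumption): "spread throughout" means at least one
        # special character is not simply tacked onto the start or end.
        interior = password.strip(string.punctuation)
        if not any(c in string.punctuation for c in interior):
            problems.append("special characters only at start or end")
    if password in other_passwords:
        problems.append("reused on another account")
    return problems


def audit(accounts):
    """Check every account, comparing each password against all the others."""
    report = {}
    for name, password in accounts.items():
        others = [p for n, p in accounts.items() if n != name]
        report[name] = check_password(password, others)
    return report


# Constructed sample data for illustration only.
SAMPLE_ACCOUNTS = {
    "email": "password",
    "bank": "Summer2016!!",
    "payroll": "Summer2016!!",
    "vpn": "gr@nite-Owl_harbor7",
}

if __name__ == "__main__":
    for account, problems in audit(SAMPLE_ACCOUNTS).items():
        print(f"{account}: {'OK' if not problems else '; '.join(problems)}")
```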
Written by: Grant Pickett