Four Major Password Hacks – And How to Protect Against Them
This might sound ironic, but your password could be the reason you are vulnerable to hackers. Yes, we know you set them to keep the hackers away in the first place, but they might not do so at the end of the day.
The reason for that is not far-fetched.
Many users fall victim to poor password habits or misconceptions that put them at the mercy of hackers rather than out of their reach.
If you worry at all about your cybersecurity – as you always should – here are some of the common mistakes you should start avoiding from today.
1 Using the Same Password Multiple Times
This mistake belongs to the same group as a host of others. Don’t worry – we will let you in on everything in due time.
When most people use the same password across multiple accounts, the reason is usually easy remembrance. After all, the average user has tens of accounts to their name – and they will not want to be caught out forgetting some passwords anytime soon.
For others, they believe that they have created a single, complex master password which is now safe for securing all accounts they have access to. The problem here is that you will not only be giving hackers a key into your account but a master key into all of your other accounts.
Sophisticated hackers now know that a lot of users will prefer to use the same password for all their accounts. Thus, they will try to breach other accounts such a user might have with the same password they have found out from one breach.
If you happen to fall in that boat, there is no telling how much these hackers can get from you.
In the same vein, this is a problem that has mutated to users who slightly change their passwords for different purposes.
For example, say a user wanted to create accounts with websites A, B, C and D. They could go with:
Site A – September2016
Site B – September2017
Site C – September2018
Site D – September2019
In all fairness, the passwords above satisfy almost all password recommendations out there. Each password is a mix of upper and lowercase characters; they contain numbers in the mix and are all more than eight characters long. All of these won’t matter when a hacker gets their hands on just one of the passwords though.
Since they can now train their algorithms to look for similarities between passwords used for multiple accounts, it will only take mere minutes to get into all the other sites once they have the login details to one.
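The self-audit below is an added example, not part of the original article: it flags entries in your own password list that are identical, share a pattern once the digits are masked (the September2016 to September2019 case above), or are near-duplicates. The function names, the 0.8 similarity threshold and the "Site E" entry are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations


def skeleton(password: str) -> str:
    """Lowercase the password and collapse every run of digits to '#'."""
    return re.sub(r"\d+", "#", password.lower())


def related_pairs(vault: dict[str, str], threshold: float = 0.8):
    """Return (site_a, site_b, reason) for each pair of entries where knowing
    one password makes the other easy to derive."""
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(sorted(vault.items()), 2):
        if pw_a == pw_b:
            reason = "identical"
        elif skeleton(pw_a) == skeleton(pw_b):
            reason = "same pattern, different digits"
        elif SequenceMatcher(None, pw_a.lower(), pw_b.lower()).ratio() >= threshold:
            reason = "near-duplicate"
        else:
            continue
        findings.append((site_a, site_b, reason))
    return findings


# Constructed sample: the article's four passwords plus one unrelated,
# generator-style entry (hypothetical).
SAMPLE_VAULT = {
    "Site A": "September2016",
    "Site B": "September2017",
    "Site C": "September2018",
    "Site D": "September2019",
    "Site E": "q7V!mZr2#Lw9pXe4",
}

if __name__ == "__main__":
    for a, b, reason in related_pairs(SAMPLE_VAULT):
        print(f"{a} / {b}: {reason}")
```

Every pair among Sites A to D is reported, while the unrelated Site E entry is not.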
2 Creating Passwords with Personal Information
Password breaches have been happening for a while now, and they are getting even more serious by the day.
A Yahoo data leak from 2016 breached as many as 3 billion accounts. From these accounts, hackers have learned a lot about how people set their passwords. Trust us when we say 3 billion accounts is more than enough research – and we have not even mentioned the other serious data leaks which have happened in recent times.
Of course, hackers know that most users will prefer to use their personal details in their passwords. Again, this boils down to such users wanting to remember their passwords on a whim – which is one of the biggest mistakes you can ever make.
When talking about personal information, we don’t just mean your name, age or date of birth. Those might have been the only things hackers were gunning for in the past, but definitely not anymore.
These days, password crackers will try all possible combinations that include the name of your high school mascot, kids, pets, girlfriend/ boyfriend/ spouse, parents, siblings and much more. They will go after important dates in your life too, so you might want to stay off more than your birthday/ birth year.
A good way to trick yourself is by adding a random string of letters, numbers and/ or symbols alongside the personal information you have used in your password setup. Remember that the combinations are being run by a fast computer – and it won’t take such a machine so long before it figures out what the combinations are.
3 Setting Passwords by Walking Through the Keyboard
The fact that ‘qwertyuiop’ does not sound like an actual word does not mean it would be any less easy to hack. In fact, it would be one of the very first combinations to be tried by a hacker before they move on to others.
If you look at it, you didn’t even put any effort into setting this password at all. You just walked through the first line of your keyboard and called it a day.
At some points, you might think to make things more complicated by adding some numbers or symbols. If you have read anything from the above, though, you will know why that won’t work.
Coming under the same category as this mistake is one where users substitute keyboard symbols for actual letters. Here, we have such practices as using:
- The number ‘1’ for the letter ‘I’
- The symbol ‘@’ for the letter ‘a’
- The number ‘0’ for the letter ‘O’, and so much more.
We feel like we have been saying this a lot, but allow us to say it again one more time:
These password models can easily be predicted.
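How predictable these patterns are shows in how little code it takes to catch them. The check below is an added example, not from the original article: it flags keyboard walks and common words hidden behind the three substitutions listed above. The function names, the minimum walk length of 4 and the small word list are assumptions; a real check would use a full common-password list.

```python
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# The three substitutions the article lists, mapped back to letters.
UNSUBSTITUTE = str.maketrans({"1": "i", "@": "a", "0": "o"})
# Digits and symbols commonly appended to a base word.
DECORATION = "0123456789!@#$%^&*?._-"
# Constructed stand-in for a real common-password list.
COMMON_WORDS = {"password", "welcome", "admin", "football"}


def longest_walk(password: str) -> int:
    """Length of the longest run of keys that sit side by side on one
    keyboard row, read in either direction."""
    pw = password.lower()
    best = 0
    for row in KEYBOARD_ROWS:
        for line in (row, row[::-1]):
            for start in range(len(pw)):
                length = 0
                while (start + length < len(pw)
                       and pw[start:start + length + 1] in line):
                    length += 1
                best = max(best, length)
    return best


def weaknesses(password: str, min_walk: int = 4) -> list[str]:
    """List the predictable patterns found in a candidate password."""
    found = []
    if longest_walk(password) >= min_walk:
        found.append("keyboard walk")
    lowered = password.lower()
    # Try the whole password first, then the password minus trailing decoration.
    for candidate in (lowered, lowered.rstrip(DECORATION)):
        plain = candidate.translate(UNSUBSTITUTE)
        if plain in COMMON_WORDS:
            found.append("common word" if plain == candidate
                         else "common word behind symbol substitution")
            break
    return found


if __name__ == "__main__":
    for pw in ("qwertyuiop", "P@ssw0rd", "Welcome2019", "q7V!mZr2#Lw9pXe4"):
        print(pw, "->", weaknesses(pw) or "no pattern found")
```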
4 Storing Your Passwords on File as Plain Text
Are you one of the few people today who isn’t guilty of all the mistakes above? Maybe there is a high chance that you use different passwords for multiple accounts, make sure they do not contain any personally identifying information and were chosen with no particular order in mind.
Trust us when we say that is not an easy feat. Now that you have to know what passwords go with which account, storing them on a spreadsheet file/ emailing them to yourself is a great idea, right?
Wrong! Very wrong!
Ransomware attacks are the new hot thing, and they are even trying to surpass phishing attempts as it is. When your computer is being held to ransom, these hackers don’t just stop there.
They still go in search of files which could contain sensitive information on your computer – and your passwords are among such sensitive information. Should they get their hands on such a file, the ransom they are demanding will instantly become the least of all your worries.
What Can You Do?
It is, again, ironic that a lot of users could have gotten out of the hacks which happened to them by applying very simple measures. You don’t have to take our word for it though. Implement these options when picking a password:
- No matter how many accounts you have, never use the same password for them. In fact, make sure no two passwords are remotely related. This might be difficult, but generating strong passwords securely with password generators will get you there. These password generators – the good ones, at least – will suggest password strings that will literally take a supercomputer several years to crack.
- Remembering all your passwords – especially the ones you will get from the password generators suggested above – will be impossible. Well, unless you have one of the most eidetic memories in history. It is, thus, recommended that you download a reputable password manager to handle all of your passwords. Whenever you need to login to an account, you can simply retrieve the password from the management application.
- A better alternative to storing your passwords as plain text is a password manager. In fact, it is the best and only option you should consider when it comes to password storage of any kind.
- Don’t share your passwords with anyone. Even if they are the strongest on the planet, they might be leaked by the person(s) you shared them with. That insanity makes the password lose its meaning.
After all that we have said, we might have some bad news: no password is un-crackable.
So, why do you need to worry about password ethics then? That’s because some passwords can be hacked in mere minutes while others will take years to hack.
If your password is in the latter group, we can assure you that no hacker will invest that kind of time into stealing your data when they could go for others.
The question now is, which of these passwords would you rather have?