- July 14, 2017
- Posted by: cyberanalyst
- Category: CISSP, Cyber-security and Ethical Hacking Training, Softwares, Technologies
Hello dear reader, in my previous journal on two-factor authentication, I discussed in detail about the two-factor authentication mechanism which I have decided to follow up with a discussion on password attacks.
In real life, we find ourselves having to use passwords every time. Our banking credentials (ATMs, mobile apps etc.), our personal computers, mobile devices are all password driven.
As a key is to a driver, so is a password to a hacker. Although passwords do not seem to have much value but the personal and confidential information which they conceal and store give them much value. So always look at your password more like digital keys which are gateways to your personal life, your network of friends, family, colleagues, contacts, photos, videos, emails, bank and payment details among a host of other private information.
If you have a weak password i.e. a password that can easily be guessed therefore taking poor security measures could give a provide information to the hacker. However, you can frustrate the efforts and attempts of a hacker in breaking into your system by implementing strong password security measures.
| Want to start an eBusiness and Grow it Globally with free IT, Legal, Internet Discounts,3 Months SME Startup Course, ePayment Integration, Biz Development Services, Free Website, Free SMS Units/Portal all done for you within 30 Days?
Start Here>> Click >>> Start a Digital Business in Nigeria
The mechanism which hackers use to grab your passwords are not some magical or exotic methods. Sometimes they do password guessing, information form social media and can employ some password cracking techniques.
A dictionary attack can be performed using a dictionary file containing a list of the common words that are often combined in passwords. Weak passwords such as those with words and phrases are the easiest for this program file to guess. To keep your account protected from a dictionary attack, the solution is to avoid the use of words and phrases as passwords.
Furthermore, I’ll list a few other ways to stay protected from this attack which are;
- Ensure not to use the same password across different applications and websites
- Do not write down your passwords on your diaries or notepads or share them with anyone
- Make use of the 2FA (two-factor authentication) whenever an extra layer of protection is required in your account. This is important because if a hacker discovers your password, they will still need to do a second factor approach to hacking your account.
- Develop a policy to change your passwords regularly. A policy can be a 3 months policy.
Security Tips on Social Media
One of the goldmines for information gathering is our social media accounts through our status updates, location sharing, likes, comments and posts. All these online activities go a long way to provide information about our personal lives. So, think about getting a new job, getting a new pet, moving to a new apartment in another location, and you may want to share all this experiences and activities. Also think about telling your contacts about your new friends, or displaying the name of your high school. These as well are all personal details which the hacker can readily grab to perform an attack.
Let me share a few Password and social media tips
- Do not broadcast your personal details which maybe clues to compromise your password.
- Avoid using your personal information of any sort in your password
- If you observe that someone on your contact that you do not know sends you links, just quietly block them from your contacts.
- Ensure to report any spam account you notice. When you do this, the social networking site takes note of such accounts and removes them.
- Employ the use of Norton Safe Web for Facebook. This is free application from Norton that helps to scan your newsfeeds for any kind of malicious link and informs you of any potential threat.
A password cracker attempts to crack a password by using brute force method. It tries a combination of a million characters repeatedly until the password is discovered. Short passwords as well as simple passwords are easier and faster to guess by a password cracker. Meanwhile, a long password and complex password will take a longer time and can be frustrating to crack. In cases such as this, the hacker may likely deploy the dictionary attack because of the long time it will take for it to crack the password. I always advice the use of passphrases. Passphrases are passwords that consist of a sequence of words put together.
Creating Complex Passwords
- Avoid using your phone numbers, your birthdays or family members and your SSN or your name, the name of a pet as well.
- Avoid the use of commonly used passwords such as; ‘12345’, ‘incorrect’, ‘password’, ‘qwerty’ and words like ‘apple’
- Always use the combination of uppercase and lowercases, including numbers, symbols as well.
How to create a complex password
- Never use phone numbers, addresses, birthdays, your SSN or your name, the name of a family member or pet in your password.
- Use a combination of uppercase and lowercase letters, numbers and symbols in your passwords.
- If you must use short phrases and words always misspell them including abbreviations. If you decide a word like ‘eleven’ you can decode it like this ‘e13v3n or a word like ‘I love You’, you can use ‘1l0v3y0u’ to make it some-worth complex. Take time to explore your options.
- There are online password generators you can also use to assist your decision on passwords
Password security tips for your Mobile devices
- Ensure the use of passwords on your mobile devices to prevent unauthorized persons from gaining access to your personal information. You can opt for an extra layer of security that is beyond the usual 4-digit pin. If use an iOS user, you can change it to lengthy alphanumeric codes which in your iPhone settings.
- Ensure your device auto-locks when you’re not using it. It can be timed as well.
- There are apps as well that can provide mobile security on your phone just to get an extra security to sensitive information on your phone. Some can also lock the applications.
What to do if you think your password has been stolen
Once you noticed your account has been hacked;
- Frist thing to do is to determine the type of attack that was done, if it was an online breach or from a POS.
- Try to monitor the compromised account or accounts especially when your banking accounts are involved.
- Then you can go ahead to change your password to a complex one and do that across all your accounts.
- Implement the two-factor authentication whenever there is a provision for it.
There are courses that can help you learn more about internet protection, your passwords and other information you may need to stay protected from any form of cyberattack. Subscribe to an Ethical Hacking course which is a well packaged course to guide you through cybersecurity. Contact US TODAY
Start Here>> Click >>> Start a Digital Business in Nigeria