Attackers can use a variety of tools and techniques to find your passwords. Some of these tools are freely available and can be very powerful. Therefore, users should be very careful when it comes to securing their passwords. Let's look at how passwords are cracked and how we can secure ourselves from attack.
How passwords are cracked
1. Interception
Passwords can be intercepted as they are transmitted over a network.
2. Manual Guessing
Personal information, such as name and date of birth, can be used to guess common passwords.
3. Social Engineering
Attackers use social engineering techniques to trick people into revealing passwords.
4. Brute Force Attack
Guessing millions or billions of passwords until the correct one is found. The bad thing is ... this can be automated.
5. Stealing Passwords
Many people have the habit of storing passwords either on sticky notes or on a device. Such insecurely stored passwords can be stolen.
6. Shoulder Surfing
This is the process of watching someone as they type a password.
7. Key Logger
Malicious software could be installed on your device that records the passwords you type.
How to remain secure
1. Blacklist the most common passwords
2. Don't store passwords in plaintext. If you need to write one down somewhere, write it with some form of encoding. For example, if your password is AbrakaDabra, write it as something like !Abraka0%0Dabra#$#. You should, however, remember which special characters you are using and which are used for encoding.
3. Use a password generator for your various applications.
4. Do not use the same password on multiple websites.
5. Do not use default vendor credentials.
6. Use account lockout or monitoring tools to prevent brute-force attacks.
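Points 1 and 6 above, sketched in Python as an added example (not code from the original post): a blocklist check applied when a password is set, and a sliding-window account lockout. The blocklist entries, thresholds and class names are constructed for illustration.

```python
import time
from collections import defaultdict, deque

# Constructed sample blocklist; a real deployment would load a much larger
# list of common and previously breached passwords.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "admin"}

MAX_FAILURES = 5       # assumed threshold: failures allowed inside the window
WINDOW_SECONDS = 300   # assumed window: failures are counted over 5 minutes
LOCKOUT_SECONDS = 900  # assumed lock duration: 15 minutes


def is_blocklisted(password):
    """True if the password is on the blocklist (case and edge spaces ignored)."""
    return password.strip().lower() in COMMON_PASSWORDS


class LockoutTracker:
    """Counts failed logins per account and locks after too many in the window."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock                    # injectable so it can be tested
        self.failures = defaultdict(deque)    # account -> recent failure times
        self.locked_until = {}                # account -> unlock time

    def is_locked(self, account):
        until = self.locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:             # lock has expired
            del self.locked_until[account]
            return False
        return True

    def record_failure(self, account):
        """Record a failed login; return True if the account is now locked."""
        now = self.clock()
        recent = self.failures[account]
        recent.append(now)
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCKOUT_SECONDS
            recent.clear()
            return True
        return False

    def record_success(self, account):
        self.failures.pop(account, None)      # a good login resets the count
```

A login handler would call `is_locked` before checking the password, and `record_failure` or `record_success` after; each lockout event is also worth sending to monitoring.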