The Subtle Art Of Winning The Password Game Against Hackers

By Chris Jones - Contributor

Hackers are on the prowl, and there seems to be nothing being done about it. With the advancement of technology comes a promise of better security, but this is not the case at all. It may not look like it, but you can beat hackers at their own game. Before we go into that, it is important to look at why that is worth considering at all.

The Deplorable State of Account Security

We have reached a stage where it is almost like no account is secure anymore. A hacker’s motive plays a significant role. Their determination often decides the chances of accessing the account.

That is not helped by users either. Security is highly advanced these days. Yet, it is shameful to find users still embracing simple passwords. This includes passwords like ‘12345,’ ‘password’ and the like. It is almost like no one is even trying to be safe.

An IBM study also confirmed that looking to the future for better password security will not cut it. Younger employees have far poorer password habits than older ones. If that is anything to go by, password habits are in sharp decline, and the next set of young employees will continue the trend.

Likewise, trusting your passwords to big companies is not always a great move. They do their best to keep your passwords safe. But these companies also have a big target on their back. That is why we have seen as many as 3 billion accounts get hacked on Yahoo alone. Uber also experienced a breach that exposed the data of over 57 million drivers and riders.

Now that we all know how seriously hackers take the password business, let’s explore how they function. How do they do it at all?

The Many Faces of Hacking

The type of hack behind any account breach relies on the hacker’s level of sophistication. It also depends on the passwords they are after. I list some of the most common attacks below:

1. Rainbow table attack

Most services now store user password data in the form of computer-generated codes called hashes. That means a hacker who obtains the password database does not immediately know the actual passwords. These hashes do not resemble the real password. They can’t be used as a substitute either.

With a rainbow table, though, a hacker can look up a hash and find out what the actual password is.

2. Malware attack

This comes from loading infected applications and programs onto your device. It doesn’t matter if it is a smartphone, tablet, or computer. As long as the device can take applications and programs, they can use this attack against it.

The hacker builds an application and embeds malicious code in the build. Alternatively, they find existing applications and modify them with this code. They offer these modified apps to the public as ‘cracked versions,’ or under some other name.

On installation, the malicious code kicks into action. It is programmed to take over the computer. This may involve some form of ransomware, or the code may simply record keystrokes with a keylogger. From there, a user’s password can be found. Such malicious software can stay operational for years without the user suspecting anything out of place.

3. Dictionary attack

Passphrases are the form of password most susceptible here.

The computer receives a dictionary file. This file allows it to run through combinations of different words in the dictionary. These combinations could have been used in creating such a passphrase. A supercomputer isn’t necessary for such a hacker to test millions of combinations in just minutes. Soon, every password for the list of accounts being hacked will.

4. Plain text attack

This is a fault of the service where an account was created.

Quite a few platforms still prefer to store their user data in plain text inside their database. To their credit, though, they don’t go around giving everyone access to this database. Nevertheless, hackers find ways to exploit this vulnerability.

Using some of the tactics above, or others, they get into such a platform’s database. Because the user information is stored in plain text, they need only copy this file to gain access to all accounts in that database.
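The rainbow table and plain text sections above both come down to how a service stores passwords. The Python sketch below is an added example, not code from the original article: it stores one password in plain text, as an unsalted SHA-256 hash, and as a salted PBKDF2 hash, then checks what a copied database row reveals to someone holding a precomputed hash table. The wordlist, the function names and the 600,000-iteration work factor are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000                      # assumed PBKDF2-HMAC-SHA256 work factor
COMMON = ["12345", "password", "qwerty"]  # constructed sample wordlist

def sha256_hex(password):
    return hashlib.sha256(password.encode()).hexdigest()

def kdf(password, salt):
    """Deliberately slow, salted hash: every guess costs ITERATIONS rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def store(scheme, password):
    """Return the database record a service would keep under each scheme."""
    if scheme == "plaintext":
        return {"scheme": scheme, "value": password}
    if scheme == "unsalted":
        return {"scheme": scheme, "value": sha256_hex(password)}
    salt = os.urandom(16)                 # random and unique per account
    return {"scheme": "salted", "salt": salt, "value": kdf(password, salt)}

def verify(record, attempt):
    """Login check performed by the service, using a constant-time compare."""
    if record["scheme"] == "plaintext":
        expected, got = record["value"].encode(), attempt.encode()
    elif record["scheme"] == "unsalted":
        expected, got = record["value"].encode(), sha256_hex(attempt).encode()
    else:
        expected, got = record["value"], kdf(attempt, record["salt"])
    return hmac.compare_digest(expected, got)

# Precomputed hash -> password lookup, the idea behind a rainbow table.
TABLE = {sha256_hex(word): word for word in COMMON}

def exposed_by_leak(record, table):
    """What a copied database row reveals to someone holding the table."""
    if record["scheme"] == "plaintext":
        return record["value"]            # nothing to crack at all
    if record["scheme"] == "unsalted":
        return table.get(record["value"])  # a single lookup
    # Salted: the stored value depends on a salt the table was never built for,
    # so precomputation does not help and each guess must be paid for per account.
    return table.get(record["value"].hex())

if __name__ == "__main__":
    for scheme in ("plaintext", "unsalted", "salted"):
        print(scheme, "->", exposed_by_leak(store(scheme, "password"), TABLE))
```

A salt and a slow hash remove the benefit of precomputation, but a weak password can still be guessed one account at a time, which is why the advice later in the article still applies.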


Winning the Password Game

The above list is not exhaustive. Hackers can still employ hybrid attacks, brute force attacks, man-in-the-middle attacks, and other data breach techniques.

The important thing, nevertheless, is staying safe against them.

Fortunately, you don’t have to give an arm and a leg to do that. For better password safety, you should:

  • Avoid creating your passwords yourself. Doing so makes them predictable, since every human is predictable to a large extent. Rather, use online password generators to create strong and unique passwords that will take several years to crack.
  • Don’t attempt to remember all your passwords. If you use a password generator as recommended, it is unlikely you will memorize the combination. Thus, get a password manager to handle all that.
  • Never use the same password for more than one account. If there is any slip-up or breach, one password should not unlock your other accounts. Keep your accounts secure by using different passwords.
  • Do not share your passwords with anyone. Passwords can be secure, but sharing them increases the chance of a leak.
  • Set up two-factor authentication on your accounts. That way, a hacker won’t be able to get in with only your password information.
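To make the first recommendation concrete, here is an added Python example (not from the original article) that generates a password with the operating system's secure random source and compares its search space with a two-word dictionary passphrase of the kind the dictionary attack section describes. The 100,000-word dictionary size and the rate of 10 billion guesses per second are assumptions for illustration, as are the function names.

```python
import math
import secrets
import string

# 52 letters + 10 digits + 32 punctuation marks = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation
SECONDS_PER_YEAR = 365 * 24 * 3600

def generate_password(length=20):
    """Random password from the OS CSPRNG with every character class present."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Redraw the rare candidates missing a class; this costs a tiny
        # fraction of a bit of entropy and satisfies typical site rules.
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate

def entropy_bits(choices, picks):
    """Bits of entropy when `picks` items are drawn uniformly from `choices`."""
    return picks * math.log2(choices)

def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every candidate at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR

if __name__ == "__main__":
    rate = 1e10                             # assumed attacker guess rate
    passphrase = entropy_bits(100_000, 2)   # two words, assumed 100,000-word list
    generated = entropy_bits(len(ALPHABET), 20)
    print("example password:", generate_password())
    print(f"two-word passphrase: {passphrase:.1f} bits, "
          f"{years_to_exhaust(passphrase, rate) * SECONDS_PER_YEAR:.1f} seconds")
    print(f"20 random characters: {generated:.1f} bits, "
          f"{years_to_exhaust(generated, rate):.2e} years")
```

The entropy figures only hold when the selection is uniformly random, which is the reason to let a generator choose instead of a person.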

Chris Jones is a security personnel @ TurnOnVPN