Password Best Practices to Avoid Getting Hacked
With data breaches at an all-time high, cybersecurity practices are more important than ever before. Some may overlook password management as part of their suite of security best practices, but they shouldn’t. The truth is, studies show your chances of being hacked are close to 31 percent—approximately 1 out of 3.
Keeper Security recently analyzed 28.7 million passwords and came to a disturbing conclusion: a very large number of people have been using variants of their favorite sports team mascots as their passwords. If your favorite team's mascot is a tiger or an eagle, automated bots can easily generate variations such as T1ger, T1g3r, or Eagle, 3agle, Eag1e. Using one of these variants leaves you vulnerable to attack.
The majority of consumers don’t think they are a likely target. In reality, there are multiple ways that your passwords can become compromised. A few ways your password can get hacked include:
- Mass theft
- Wi-Fi traffic monitoring attacks
- Phishing attacks via tabnabbing
- Phishing attacks via keylogging
- Brute force attacks
In a brute force attack, a potential hacker utilizes a bot or an automated application program to use trial and error with different variations of a sequence of characters in an effort to crack passwords. This approach, combined with a phishing attack where a fake website is used, is often a starting point for hackers. For example, if a user is visiting a fantasy sports page, a pop-up may appear asking for the individual to sign up for added services in an attempt to get them to fill out a form with personal information. When asked to set up a password for this fictitious service or gaming application, users will often use an identical or similar password to the one used for other important accounts such as their banking platform. These common passwords serve as an inception point for the brute force attempts to follow.
While it may seem inconvenient to add password management to an already busy agenda, it is imperative to follow password management best practices. These include:
- Using a different password for each application you use.
- Making sure they are all strong passwords. When possible, use passphrases because they are stronger and easier to remember.
- Using multi-factor authentication when possible.
- Using a password manager. If you are using unique login credentials for every application, you will not remember them all.
- Never storing your passwords on a physical medium, which can be easily located by others. This includes sticky notes on the side of your computer or in your desk drawer.
- Creating new passwords on a regular basis. This includes setting a personal expiration date even if the application does not enforce one.
- Avoiding typical character substitutions, such as @ for “A” and $ for “S”.
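The advice to avoid typical character substitutions, together with the earlier point that bots generate variants such as T1g3r and Eag1e, can be enforced at the moment a password is set. The following Python is an added example, not code from this article or from Keeper Security: it undoes common substitutions and rejects a password built on a blocklisted word. The blocklist, substitution table and function names are assumptions made for illustration.

```python
import re
from typing import Optional, Set

# Constructed sample blocklist (assumption): a real deployment would load a
# much larger list of team names, mascots and known-breached passwords.
BLOCKLIST = {"tiger", "eagle", "password"}

# Common look-alike substitutions, mapped back to the letter they stand for.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})


def normalize(password: str) -> str:
    """Lower-case, undo substitutions, then drop everything that is not a letter."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET))


def candidate_forms(password: str) -> Set[str]:
    """'1' is ambiguous (T1ger uses it for 'i', Eag1e for 'l'), so try both readings."""
    as_i = normalize(password)
    as_l = normalize(password.lower().replace("1", "l"))
    return {as_i, as_l}


def blocked_word(password: str) -> Optional[str]:
    """Return the blocklisted word the password is built on, or None if it is clean."""
    forms = candidate_forms(password)
    for word in sorted(BLOCKLIST):
        if any(word in form for form in forms):
            return word
    return None


if __name__ == "__main__":
    # Constructed sample inputs, including the variants named in the article.
    for pw in ["T1ger", "T1g3r", "3agle", "Eag1e", "P@$$w0rd",
               "correct horse battery staple"]:
        hit = blocked_word(pw)
        print(f"{pw!r}: {'rejected, based on ' + hit if hit else 'accepted'}")
```

A check like this complements, rather than replaces, unique passwords and multi-factor authentication.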
Another way your favorite mascot can get you hacked is through your security question. A common technique hackers are using is to go the “forgot password” route and use the security questions as a means to access personal information. Through social media platforms, such as Facebook, Instagram, and Twitter, hackers are easily able to study the private lives of their potential victims. As an example, if your high school information is publicly posted, and your security question is “what was your high school mascot?”, the cyber attacker can easily gather this information online and use it to compromise the security of your account.
The importance of not using a sports team mascot as your password comes down to how easily personal information can be accessed, paired with the automated tools hackers can deploy in mass attacks. The consequences for victims of cyber break-ins extend to the loss of valuable data, as well as potential monetary loss. For these reasons, it remains critical to keep following the password management best practices mentioned above in order to protect your information from cybercriminals.
If you have questions related to password management or other cybersecurity threats, reach out to CyberGuard Compliance for help.