Although more and more people understand that cybercriminals and hackers will do everything possible to get hold of their online information, a significant share of them still neglect the security of the passwords that protect their various accounts.
The average user has more than 100 passwords, and the most common passwords are also the simplest to guess: easy to remember and certainly easy to type. For example, passwords like 123456, QWERTY, and Password top the list of passwords hackers use to break into accounts.
What can a hacker do with my password?
Passwords serve as virtual keys to the digital world – they allow access to our online banking, email, social media, Netflix and all the data in our cloud. If a hacker obtains our password, he can use it to:
- Steal your personal identity information and sell it to other cybercriminals
- Sell access to the account itself. Cybercriminal websites on the dark web will offer access to such accounts to the highest bidder. Buyers will be able to use the access to get a wide range of things – from free taxi rides and free use of a streaming service to reduced-price flights using frequent flyer points on a compromised account.
- Use passwords to hack into other accounts where you use the same password.
Information security company ESET explains that hackers have different ways to reveal our passwords and cause us harm:
- Phishing and social engineering: This is by far the most popular way to try to steal our personal information, including passwords. Cybercriminals pose as legitimate and trustworthy entities such as the bank, credit card company, communication providers and even our friends and family in order to convince users to click on links or open email attachments. Clicking on a link or downloading a file will lead users to fake websites where they will be asked to enter personal information such as their login details, name and password, or even download malware directly to their computer.
- Malware: Cybercriminals also use malware to obtain passwords. While phishing emails are the most popular form of this type of attack, you may also be attacked by clicking on a malicious advertisement online or even by visiting a compromised website. Much malware also hides in legitimate-looking apps that can be found on unofficial app stores. There are many types of data-stealing malware, the most common being programmed to record your keystrokes or take screenshots of your device and send them back to the attackers.
- Brute force: Many of us use passwords that are easy for us to remember (and therefore for others to guess) and set the same passwords for multiple websites and services. This can open the door to brute-force techniques. The most common of these is credential stuffing. In this type of attack, attackers enter large numbers of username and password combinations into certain websites using automated software, hoping that one of the combinations matches. According to one estimate, there have been more than 139 billion such attempts in the past year. Another brute-force technique is called password spraying, in which hackers use automated software to try a list of common passwords against your account username.
- Over-the-shoulder peek: A fairly simple method in which a real person standing right behind you peers over your shoulder and sees the personal information you receive, send or enter into your device. For example, you asked for a verification code to log into an account, and it has just arrived and is displayed on your device in the message preview. The way to protect yourself here is simple: turn off the preview of messages on your mobile device, for example.
- Guessing: If you're using a password from the list of the most common passwords in the world, like the ones we gave as examples at the beginning of this article, you probably won't be surprised to find that it's not that complicated to guess. In 2020, the most popular password was 123456. If you use such a password, and on more than one service, you make the attackers' job very simple, putting yourself at high risk of identity theft and various scams.
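From the defender's side, the two automated techniques described above leave different shapes in failed-login logs. The following is an added example, not part of the original article: the log fields, the password fingerprint (assumed to be a keyed hash recorded by the login service), the sample events and the thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of failed logins: (source_ip, username, password_fingerprint).
# The fingerprint stands in for a keyed hash of the submitted password; the
# addresses come from documentation ranges and every value here is made up.
FAILED_LOGINS = (
    # A different leaked username/password pair for every account
    [("198.51.100.7", f"user{i}", f"fp-leak-{i}") for i in range(12)]
    # Two common passwords tried across many accounts
    + [("203.0.113.9", f"staff{i}", fp)
       for i in range(10) for fp in ("fp-123456", "fp-qwerty")]
    # One person mistyping their own password
    + [("192.0.2.4", "dana", f"fp-typo-{i}") for i in range(3)]
)


def classify_sources(events, min_accounts=8, spray_max_passwords=3):
    """Label each source IP by the shape of its failed logins."""
    accounts = defaultdict(set)   # ip -> usernames targeted
    passwords = defaultdict(set)  # ip -> distinct password fingerprints
    for ip, user, fingerprint in events:
        accounts[ip].add(user)
        passwords[ip].add(fingerprint)

    verdicts = {}
    for ip in accounts:
        n_users, n_pw = len(accounts[ip]), len(passwords[ip])
        if n_users < min_accounts:
            verdicts[ip] = "normal"               # few accounts: likely typos
        elif n_pw <= spray_max_passwords:
            verdicts[ip] = "password_spraying"    # few passwords, many accounts
        elif n_pw >= 0.8 * n_users:
            verdicts[ip] = "credential_stuffing"  # about one unique pair per account
        else:
            verdicts[ip] = "suspicious"           # many accounts, unclear pattern
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify_sources(FAILED_LOGINS).items():
        print(ip, verdict)
```

Real traffic is usually spread over many source addresses, so the same counting is also worth running per password fingerprint and per time window.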
What can I do? Use a phrase as a password
ESET explains that a password built from a group of words that make sense to you will be easier to remember and much harder to guess. Here's how to create the best password for you:
- Use four to eight words that make sense for you, such as: I run every day.
- Add spaces between the words; you can also add them inside a word: I r un every day.
- If your password is in English, you can also use capital letters in some words.
- Use punctuation marks and special characters: I r un every day 5^
- Put in numerals instead of some of the letters: I r un every d0y 5^
- If you have a personal story or a certain memory, you can use words related to it so that your password will be easy for you to remember but meaningless to others.
To protect yourself in other ways, make sure to keep your information and passwords secure:
- Use different strong passwords for different services. If your password is leaked or someone somehow managed to get hold of it, they won't be able to use it to access other services.
- Make sure to periodically refresh your passwords, so even if someone uses your information with your password, they won't be able to continue doing so.
- To remember all passwords, you can use password managers that allow you to generate unique passwords and require you to remember only one password when logging in.
- With two-factor authentication, you will also need to provide a code sent via SMS in addition to your password, so even if an attacker has your username and password, they won't be able to log into your account without the code.
- Don't click on links or open files in emails from addresses you don't know.
- Download apps only from official stores.
- If you're surfing a public network, try not to log into your personal accounts, and if you must, use a VPN.