In the past, hackers were mostly a threat to large companies that actively used digital technology in business transactions. The worst that could happen to an average user was losing the data on a hard drive or being locked out of the operating system. That isn’t pleasant, but it is usually manageable.
Nowadays everyone uses digital tech for financial transactions, which means that in case of identity theft your problems won’t be limited to losing the family photo collection. Hackers work fast, too: according to 2017 research by the Federal Trade Commission, it only took them nine minutes to attempt using info from a fake data breach. If your data gets compromised, you won’t have time to react, so the only way is to use preventive measures. Here are the most common ways hackers get access to your passwords and data.
1. Brute force attacks
The most primitive and yet still quite effective method. The hacker will simply attempt to guess your password using specialized software that makes many attempts per minute. One would think that after hearing how important strong passwords are for the last few decades, people would be a little bit more careful. However, a recent study shows that at least 10 percent of people use one of the 25 worst passwords in existence, with a whopping 3 percent using the worst of them all — “123456.”
Use longer passwords. Every digit you add to a password exponentially increases the computing power necessary for a successful attack.
2. Dictionary attacks
This approach uses a file containing a list of words from a dictionary and tries them as passwords one by one. That is why using plain dictionary words as passwords is a very bad idea: a dictionary attack will guess them in a matter of seconds. Trying to group words together (e.g., “mysuperpassword”) won’t help.
Don’t use simple combinations of words and figures as passwords. Don’t reuse the same password on many different services and never use the same passwords for accounts dealing with financial data and for registrations on shady third-rate services.
Hackers can specifically use words and numbers that are meaningful to you. As soon as they have any personal information about you, they can use it to guess your passwords based on your potential personal attachment to these words: significant dates, names of loved ones, pets, addresses (current and former), etc. Although an average person is unlikely to be targeted individually, a few minutes’ search across your social media accounts will provide hackers with a frightening amount of personal data.
Although emotionally meaningful passwords can be easy to remember, they are easy to guess as well, so avoid using them.
This approach is more relevant for businesses and companies but can be applied to you personally if you use passwords based on your job at home. Many corporate passwords are based on terminology, slang, and facts relevant to the company or industry in question. At the same time, they are often simplistic enough to be guessed without trying too many permutations. Hackers don’t even have to collect the data manually — they use software similar to the tools used by search engines to identify keywords.
Most of these first four threats are solved by using strong passwords. But having different strong passwords for every registration is next to impossible when there are dozens of them to remember. Using a single password is not an option either: if it gets compromised in one place, all your accounts will be in danger.
Using a password manager to protect your passwords gives you the best of both worlds. These tools keep all your passwords in a single vault protected by a master password. This way you can have strong and different passwords for every registration while only having to remember your master password.
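The weaknesses described in the sections above (short or common passwords, dictionary words glued together, personal details) can be tested for before a password is accepted. The following check is an added example, not part of the original article; the word list, the common-password list and the 12-character minimum are constructed assumptions.

```python
import re

# Constructed sample data; a real check would load a large wordlist and a
# list of known-breached passwords. MIN_LENGTH is an assumed policy value.
WORDLIST = {"my", "super", "password", "dragon", "summer", "love", "secret"}
COMMON = {"123456", "password", "qwerty"}
MIN_LENGTH = 12
LEET = str.maketrans("013457@$", "oieastas")


def normalize(password):
    """Lowercase, drop trailing digits/symbols, undo common substitutions."""
    core = re.sub(r"[^a-z]+$", "", password.lower())
    return core.translate(LEET)


def splits_into_words(text, words):
    """True if text is one or more entries of `words` joined together."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words
            for start in range(end)
        )
    return bool(text) and reachable[-1]


def check_password(password, personal=()):
    """Return the reasons a password is easy to guess (empty list = none)."""
    reasons = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if lowered in COMMON:
        reasons.append("common password")
    if splits_into_words(normalize(password), WORDLIST):
        reasons.append("dictionary words")
    if any(len(t) >= 3 and t.lower() in lowered for t in personal):
        reasons.append("personal information")
    return reasons
```

Note that “mysuperpassword” passes the length rule and is still rejected, because it splits cleanly into three dictionary words.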
Keyloggers are a kind of malware that can be picked up on infected websites or from attachments in email. They settle on your file system and don’t cause any harm by themselves — but they, as the name suggests, log your every keystroke and transfer it to hackers. This way, they not only get access to all your passwords but to everything you do, including your personal and business correspondence (which is potentially even worse).
The only way to deal with keyloggers is to avoid visiting suspicious websites, never open attachments from unknown correspondents, and regularly check your file system with high-quality antivirus software.
6. Shoulder surfing
Not all methods hackers use are high-tech, but that doesn’t make them any less effective. Shoulder surfing is exactly what it says on the tin: a hacker will just look over your shoulder when you enter a password. It is more common for ATMs, credit card machines and smartphones, that is, any device that uses short and easy-to-memorize PINs and is normally accessed in public places.
The takeaway: Don’t leave passwords in plain sight and always be wary of people around you when you type in your password or PIN.
7. Social engineering
Another low-tech yet high-yield approach. The hacker just asks you to give him your password. The most common approach is to call an office, introduce oneself as a member of IT security, and ask for a network password. If it is done in a sufficiently matter-of-fact and confident manner, a surprising number of people give up their personal and corporate data without missing a beat.
Phishing is more or less the same as social engineering, but it is done with the help of emails imitating correspondence from a legitimate service (online banking, payment system, etc.) and asking the user to log in and solve some security problem with his account. The email leads to a fake website that looks similar to the real one, and the user is fooled into submitting his password. Be sure to check all links before you click on them.
A healthy fear of hackers
The danger from loss of personal data grows together with our dependence on digital technology. So make sure you maintain a healthy paranoia to meet the demands of the times.