One of the most common security weaknesses that businesses and individuals face is poor password selection. Hackers have many ways of stealing passwords, from simple shoulder surfing to sophisticated password cracking tools and network analyzers. In a business, it is up to the system administrator to set secure password policies for employees. For personal passwords, it is up to the user to set the level of security for his or her own sensitive data. However, many people will choose convenience over security.
It’s hard to believe that some of the most common passwords in 2016 were 123456, 123456789 and password. With all of the security breaches that happen in today’s society, this blows our minds. Common errors that people make when creating a password are selecting an obvious password such as a favorite color or birthday, never changing their password, and reusing passwords across multiple security points. Hackers love when a poor password is implemented. Below we will show you the importance of password security by explaining the different methods that hackers use to steal passwords.
Password Hacking Methods
Password Cracking Tools
Hackers use a variety of password cracking tools to steal passwords. These tools guess a password automatically by trying many different password combinations. Brute-force attacks and dictionary attacks both use password cracking tools to obtain passwords. A dictionary attack compares a set of popular dictionary words against passwords that are stored in databases. Hackers can even download or create their own word lists that they think contain the password. A brute-force attack, on the other hand, can pretty much guess any password: brute-force software works by trying every single combination of letters and numbers until it successfully guesses the correct password.
Social Engineering
Hackers use social engineering techniques to take advantage of the trusting nature of humans. By manipulating their victims, hackers will try different methods such as phishing attempts, physical breaches, pretext calling or pretext mailing to gain access to their victims’ passwords. By being properly trained and aware of the different types of social engineering methods, users can defend themselves against these attacks.
Weak Password Storage
Applications such as email or accounting software will store files locally. This leaves these applications extremely vulnerable to attacks. If a hacker gains access to these applications, they could easily perform a search for any file or folder containing the word “password”. Make sure that you are storing your passwords securely. If you can, don’t save your passwords when asked whether you would like the application to remember your password. This may be inconvenient, but it is better to be safe than sorry.
Shoulder Surfing
Shoulder surfing occurs when someone watches you type your password. Humans are curious to begin with. Now tie that in with unethical hackers who want nothing more than to steal your information and will do anything to retrieve it. This method is commonly used because it is the least technical and costs nothing other than good eyesight. You can help prevent shoulder surfers by being aware of your surroundings when you are entering passwords and by practicing shoulder-surfing awareness exercises in the work environment.
Remote Keystroke Logging
Remote keystroke logging is when hackers capture a user’s keystrokes using software or hardware. Once this software or hardware is installed, the hacker will be able to record all keystrokes that are entered into the computer, including your passwords. Make sure that you or your employees are not downloading any suspicious software that may contain keystroke logging software.
We outlined only a few password hacking methods; however, there are thousands out there. Make sure to follow best practices when creating a password. We have outlined a few below:
- Create lengthy passwords
- Use a combination of upper- and lowercase letters
- Use special characters throughout your password, but don’t bunch them together
- For businesses, create strong password policies for employees to follow
- Stay up-to-date with social engineering techniques
- Don’t use the same password across different security points
- Don’t store your passwords in an unsecured location
- Change your passwords often
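The checklist above can be turned into an automated policy check that rejects a new password before it is accepted. The following Python is an added example, not code from the original post; the minimum length, the allowed run of adjacent special characters and the small common-password list are assumptions chosen for illustration.

```python
import string

# Constructed sample list; the post names 123456, 123456789 and password
# as the most common passwords of 2016. A real deployment would load a
# much larger breached-password list.
COMMON_PASSWORDS = {"123456", "123456789", "password", "qwerty", "letmein"}

# Assumed policy values (the post gives no numbers).
MIN_LENGTH = 12
MAX_SPECIAL_RUN = 1  # longest run of adjacent special characters allowed


def _longest_run(password, charset):
    """Length of the longest run of consecutive characters drawn from charset."""
    best = run = 0
    for ch in password:
        run = run + 1 if ch in charset else 0
        best = max(best, run)
    return best


def check_password(password, previous_passwords=()):
    """Return the list of policy rules the password violates (empty means OK)."""
    problems = []
    specials = set(string.punctuation)
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        problems.append("missing upper- or lowercase letters")
    if not any(c in specials for c in password):
        problems.append("no special characters")
    elif _longest_run(password, specials) > MAX_SPECIAL_RUN:
        # Special characters should be spread throughout, not bunched together.
        problems.append("special characters bunched together")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password list")
    if password in previous_passwords:
        problems.append("reused from an earlier password")
    return problems


if __name__ == "__main__":
    for candidate in ("password", "Tr0ub4dor!!xyz", "Correct-Horse_Battery9"):
        print(candidate, "->", check_password(candidate) or "OK")
```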
Our Information Security team can assist with the implementation of password policies and password awareness training. Check out our security services by clicking below!