How Hackers Crack Your Passwords

Posted on:

May 29, 2014

As computers become a greater part of our day-to-day living, from personal databases, to online shopping and banking, hackers are dedicating more time to, and becoming more advanced at, cracking passwords to access personal information.

And they are using a variety of methods. Word list and dictionary programs and password cracking software also make it quite a simple task.

“The ones we hear of most are brute force attacks, which is like trying every possible combination until you find one that works, and dictionary attacks using words found in English and foreign dictionaries,” Internal IT Systems Engineer, Julian Jordan said.

Phishing – where a hacker posing as a legitimate company tries to get you to give up your password, usually by telling you that your account may be compromised – is also very common.

And one you’d think wouldn’t work is proving to be surprisingly effective. Social engineering is where someone calls you and tricks you into giving up sensitive information.

Hackers also take advantage of vulnerabilities in software to compromise computers. That’s why it is important to make sure software has the latest updates and patches. The corporate world recently got to see just how important this is when the Heartbleed virus left around 17 million of the Internet’s secure web servers, certified by trusted authorities, vulnerable to attack, allowing theft of the servers’ private keys and users’ session cookies and passwords.

In the instance of the Heartbleed virus, password best practices would have done little to prevent information being compromised, because it exploited a bug in OpenSSL, one of the most popular tools used to encrypt traffic on the Internet. So even across secure channels hackers could potentially access passwords and other sensitive information. This made Heartbleed particularly serious and resulted in a mass rush for affected websites to patch the vulnerability. Many of them requested that users change their passwords after the patch was implemented.

CHOOSING A GOOD PASSWORD
While some diligence is required on your part to safeguard the personal information you have stored online, the good news is that the steps you need to take are simple ones. If your password is harder to crack, then sensitive data, such as credit card details is that much safer.

So here are some things to consider when choosing a password.

Make sure it is complex enough to be difficult to guess, but also not too complex or random that you never remember it. It is often useful to use mnemonics, substituting letters with numbers and characters where possible. For example, “nothing ventured” can be typed as “n0Th!ngV3ntureD.”

You can also combine phrases with mnemonics. So, think of a phrase you’ll easily remember, and using the first letter of each word in the phrase, you can create a strong password. For example, “I Love To Sing In The Shower” becomes “ILTSITS.” However, you can make it even stronger by incorporating symbols and alternating lowercase with upper case letters: “!L2sItS”. Bear in mind however, that this is just an example. Shorter passwords should be avoided. Jordan suggests that passwords be no shorter than eight characters long and in addition to upper and lowercase alphanumeric characters, numbers, and special characters like $, *, £, also utilize extended ASCII characters like Ã, ƾ, ǂ, ʕ where accepted.

Do not use personal information to create your password. This is a tough but vital one to follow. Since it’s necessary to remember the passwords we choose, the tendency is to include personal information like birthdates, your mother’s maiden name, nick names and the names of pets. However, hackers can easily access such information, so it’s best not to use it.

Avoid words found in the dictionary, whether it is an English or foreign language dictionary. Using such words would make you an easy target in a dictionary attack.

Passwords should never be the same, especially the ones protecting your most important information. Doing this gives a hacker access to all of your accounts if s/he is able to access one.

PROTECTING YOUR PASSWORD
Once you’ve followed the tips above and created strong passwords for your accounts, the next step is to ensure you protect those passwords.

Never share your password with anyone. This first tip may seem obvious, yet it’s one of the most common ways intruders gain access to your private information. While there are cases where it may be necessary to share your password, such as with someone you know to be an authorized system administrator, this should only be done in person and never by telephone or email.

Change your password frequently, Jordan suggests every 90 days. There will also sometimes be requests from online sites like Amazon and eBay for you to change your password, but they will NEVER ask you for your password. When advised to change it, if the request is legitimate, then it’s important that you do so.

“These emails usually indicate that sensitive information has been accessed by hackers, and the fastest way to close the door from the consumer end is to change their password to limit any damage that may have been done,” Jordan said. “The onus is also on the companies affected to put measures in place to stop the attack from happening again. If you find out a thief has cloned keys to your house, chances are high you are going to change the locks,” he said. “The same thing applies for passwords.”

Do not type your password in public or in plain view of potential onlookers. Needless to say, if you enjoy relaxing at the coffee shop with your tablet or laptop, be very wary about entering passwords to your personal accounts there.

Pay special attention to how you store your passwords, and avoid writing them down. Given the numerous passwords required for your day-to-day activities and the complexity required to keep them safe, this is difficult. If you must write it down, do not store in plain view, like on a Post-it on your monitor, and do not just toss it in the bin, where someone else can easily retrieve it. Also, instead of writing the actual password, write a phrase or some other word that will remind you of what the password is.

If taking these measures still leaves you with some doubt about the safety of your information, you can step it up a notch by choosing to encrypt your password to protect it from onlookers, or you can utilize a One Time Password (OTP) generator. As the name suggests, it will generate a new password for you each day, rendering the previous day’s password useless.

Implementing these simple measures will help you produce stronger, less crackable passwords, and in the process, ensure your sensitive information is less vulnerable to hackers. This leaves you more time to surf the web with confidence and enjoy the convenience and the endless possibilities the Internet offers.

Author
Recent Posts

Marsha Branch

Marsha Branch is a Media & Communications Consultant and freelance writer with over 19 years experience as a print and broadcast journalist. Her work has been published and broadcast internationally by such organizations as the BBC, CNN and United Nations.