Have you ever had an account hacked? Most likely you have! At one point, over 600 thousand Facebook accounts were being compromised daily. Yahoo has had its share of compromises that let millions of people’s data fall into malicious hands. If none of your accounts has ever been compromised, consider yourself lucky. But even if you’ve never been hacked, don’t think that you’re in the clear. Everyone gets hit by the hammer at some point, some sooner than others. And once that happens, you’ll be wondering, “How did that happen?!” Today we’re going to discuss just that: how passwords are often hacked, and how some security methods can counter these threats.
There are several common ways that passwords get stolen. Let’s have a look at each one:
- Network Sniffing – In this scenario, an attacker sits somewhere inconspicuous on the same unsecured Wi-Fi hotspot you’re connected to. Because you’re both on the same network and it isn’t protected by a WEP/WPA key (that is, it doesn’t ask you for a key before you connect), that person can potentially see all of the information you exchange with remote servers. Every time you log in, your credentials will appear on his console if he’s sniffing. This is a problem if you’re not encrypting the traffic yourself. Solutions that encrypt the password before it leaves your computer help, but only a very small minority of applications do that. Your only hope is either to use a Single Sign-On solution or to avoid unsecured Wi-Fi networks altogether.
- Social Engineering – This one is a bit more involved and rarer, but some people do fall victim to it. Here, a person either impersonates an authority figure and coaxes you into giving out your password, or tries to gather information from you that makes your password easier to guess. Against the former, simply never give out your password to anyone, regardless of the circumstances (it’s never necessary). Against the latter, don’t use a password that relates to anything about you (such as your dog’s name or your car’s make and model).
- Default Passwords – Your router ships with a default password, and so do many other pieces of hardware. Someone can try that password to gain access to the device and, from there, infiltrate your network or system. If you think you are vulnerable to this kind of attack, just change the default password to something else.
- Brute Force Attack – This kind of attack uses a long list of words and alphanumeric sequences (such as “12345”) that people often lazily choose as their passwords. The attacker cycles through the list, trying each entry, usually with an automated program. It’s much like the scene in a Hollywood movie where someone tries key after key on a locked door. To avoid falling victim to this kind of attack, don’t use easily guessed passwords. Use something highly obfuscated: the most effective passwords combine symbols (such as “$(%@”) with alphanumeric characters.
- Dictionary Attack – Similar to the brute force attack, a dictionary attack involves (you guessed it!) a dictionary. The hacker tries every word in the dictionary in an attempt to decrypt an encrypted message or password. This kind of attack is used more in the former situation than the latter, since passwords don’t often consist of dictionary words but rather follow certain patterns that make a brute force attack more effective. The obvious defense is the same one you would use against a brute force attack.
- Database Access – Once a hacker has access to a database of unencrypted passwords, you can consider every account in that database compromised. If your account is in it, you’re at high risk of attack. If you learn of a database compromise, immediately change the password on every account that uses that same phrase. If the database is under your control, make sure that from now on you encrypt the passwords stored in it. Storing unencrypted passwords anywhere is a very high-risk decision.
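The defense the post recommends against brute force and dictionary attacks is to refuse passwords that appear on an attacker's wordlist or follow the lazy patterns it targets. The following is an added example, not code from the original post, of how a site could enforce that at sign-up: it checks a candidate password against a small wordlist (constructed here as a placeholder; a real deployment would load a large breach-derived list), undoes common substitutions such as "p@ssw0rd1!" so they do not slip past the list, and flags sequential runs like "12345". The function and constant names are the example's own.

```python
import string

# Constructed stand-in for the "long list of words and alphanumeric sequences"
# an attacker cycles through. Placeholder only; load a real list in production.
COMMON_PASSWORDS = {
    "password", "12345", "123456", "qwerty", "letmein", "welcome",
    "admin", "iloveyou", "monkey", "dragon", "football", "baseball",
}

# Substitutions that cracking wordlist rules routinely undo ("p@ssw0rd" -> "password").
LEET_MAP = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e",
                          "$": "s", "5": "s", "!": "i"})


def normalize(password: str) -> str:
    """Lower-case, drop trailing digits/symbols, undo leet substitutions, so
    'P@ssw0rd1!' is compared against the wordlist as 'password'."""
    base = password.lower().rstrip(string.digits + string.punctuation)
    return base.translate(LEET_MAP)


def is_sequence(s: str, min_len: int = 4) -> bool:
    """True if any window of min_len characters is a rising run ('abcd', '1234'),
    a falling run ('54321') or a repeat ('aaaa')."""
    s = s.lower()
    for i in range(len(s) - min_len + 1):
        codes = [ord(c) for c in s[i:i + min_len]]
        steps = {b - a for a, b in zip(codes, codes[1:])}
        if steps in ({1}, {-1}, {0}):
            return True
    return False


def check_password(password: str, wordlist=COMMON_PASSWORDS) -> list:
    """Return the reasons a password is weak; an empty list means it passed."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if password.lower() in wordlist or normalize(password) in wordlist:
        problems.append("matches a common-password wordlist entry")
    if is_sequence(password):
        problems.append("contains a sequential or repeated run")
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")
    return problems


if __name__ == "__main__":
    for candidate in ("12345", "P@ssw0rd1!", "Tr0ub4dor&3-Horse-Battery"):
        print(repr(candidate), "->", check_password(candidate) or "ok")
```

The normalization step matters more than the length or character-class rules: "P@ssw0rd1!" satisfies all four character classes yet is one of the first guesses any wordlist-driven tool makes, so it must be rejected on the wordlist match rather than waved through on complexity.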
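For the database-access case, the standard way to do what the post calls "encrypting" stored passwords is not to store anything reversible at all, but a salted, deliberately slow hash: a stolen table then yields no passwords directly, and each record has to be attacked separately. The following is an added example, not code from the original post, using Python's standard-library PBKDF2 routine; the iteration count, record format and function names are the example's own choices, and the in-memory `db` dictionary stands in for a real user table.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Example choices (assumed, not prescribed): tune the iteration count so one
# hash costs a noticeable fraction of a second on your own hardware.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record 'pbkdf2_sha256$<iters>$<salt>$<hash>'.
    A fresh random salt per user means two people with the same password get
    different records, so one cracked record tells the attacker nothing about
    the rest of the table."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              PBKDF2_ITERATIONS, dklen=KEY_BYTES)
    return "$".join(["pbkdf2_sha256", str(PBKDF2_ITERATIONS),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(key).decode("ascii")])


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash with the parameters stored in the record and compare
    in constant time; malformed records simply fail verification."""
    try:
        algo, iterations, salt_b64, key_b64 = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(key_b64)
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                        int(iterations), dklen=len(expected))
    except ValueError:  # bad field count, non-integer iterations, bad base64
        return False
    return hmac.compare_digest(candidate, expected)


# Record used to keep a failed login for an unknown user as slow as a real one,
# so response time does not reveal which usernames exist.
DUMMY_RECORD = hash_password("dummy-password-for-timing-only")


def register(db: dict, username: str, password: str) -> None:
    """Store only the hash record; the plaintext never reaches the table."""
    db[username] = hash_password(password)


def login(db: dict, username: str, password: str) -> bool:
    """True only if the user exists and the password matches its record."""
    record = db.get(username)
    if record is None:
        verify_password(password, DUMMY_RECORD)  # burn the same time, then fail
        return False
    return verify_password(password, record)


if __name__ == "__main__":
    users = {}
    register(users, "alice", "correct horse battery staple")
    print(users["alice"])  # a record, never the password itself
    print(login(users, "alice", "correct horse battery staple"))  # True
    print(login(users, "alice", "wrong password"))                # False
```

Two details carry most of the value here: the per-user random salt, without which identical passwords produce identical records and precomputed tables work, and the constant-time comparison, so that a wrong guess fails in the same time regardless of how many leading bytes happened to match.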
Now you not only know what kinds of attacks hackers use to get their hands on your passwords, but also how to arm yourself against all of them. Even then, you’re not 100 percent guaranteed to ward off every attack forever, but you’ll have a strong fighting chance that keeps you and your interests safe!