15 Nov WHY IT’S IMPORTANT TO HAVE A STRONG PASSWORD
Cybersecurity experts continually identify the use of strong, unique passwords as one of their top recommendations. However, this is also one of the least commonly followed recommendations because unless you know the tricks, it’s difficult to remember strong, unique passwords for every login and website.
People often convince themselves that their passwords and logins are stored on their computer which is safe from being hacked because it is behind a wireless router or firewall device. However, most people don’t bother to change the default password on this device, so a hacker could easily park outside your home or office, and use a laptop to run through a list of default passwords until they gain access to your network. It is vital that strong passwords are used for your router or firewall devices. The last thing you want is for a hacker to gain control of your whole network and all of the computers and files within it.
Some passwords that you think are insignificant might actually make you extremely vulnerable if a hacker cracks them. For example, some people think that their email password is not important because they “don’t receive anything of a sensitive nature”. In actual fact, their email address is probably connected to their online banking account. If a hacker obtains access to your email account, they could go to the bank’s website and click the “Forgotten Password” link, which will then email a new password link to the email account the hacker now has access to. Bingo! They can now access your bank account too.
How do the hackers crack passwords?
These are just a couple of methods that hackers are using to crack your passwords.
One of the most common ways that hackers break into computers is by guessing passwords. Simple and commonly used passwords enable intruders to easily gain access and control of a computing device.
Conversely, a password that is difficult to guess makes it prohibitively difficult for common hackers to break into a machine and will force them to look for another target. The more difficult the password, the lower the likelihood that one’s computer will fall victim to an unwanted intrusion.
Social engineering is becoming a popular method for obtaining passwords. It takes advantage of the trust people develop in their social media accounts. Conning people into revealing their passwords is a common technique and, surprisingly, it is often very successful.
Often the hacker will just ask a user for their password. For example, a hacker might call a user to tell them that there are high priority e-mails stuck in the mail queue, and their password is required to enable the caller to log in and release the messages. As crazy as this sounds, it often works, with no questions asked. “Ask and you shall receive!”
Social engineering is made easy for hackers if staff details (names, phone numbers, and e-mail addresses) are posted on company websites. Social media sites such as LinkedIn, Facebook, and Twitter can also be used against a company because these sites often reveal employees’ names and contact information.
A keylogger is a program that hides in your computer’s memory and runs at startup. It records every keystroke you type in a log, which is then sent to the hacker. It can be customized so that it does not appear in the “Processes” tab of Windows Task Manager, making it extremely difficult to detect.
Importance of a Strong Password
One of the concerns that people often have when it comes to creating complex passwords is a fear of forgetting them, particularly when there are several to remember. Naturally, a person should try to think of something that will be easy for them to memorize. One way to do that is to turn a sentence or phrase into something that is not easily recognized by others. To do this, use the first letter of every word in the sentence, replacing certain words with numbers or symbols. For example, the word “for” may be replaced with the number 4 or the word “number” with the # symbol. With this method, a sentence such as “Save the number for later in the year” may become the password St#4LITY.
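The sentence method above, together with the earlier point about easily guessed passwords, as an added Python example that is not part of the original article. The function names, the small common-password list and the capitalisation of the sample sentence (chosen so the output matches St#4LITY) are constructed for illustration.

```python
import math
import string

# Word-to-symbol substitutions; "for" and "number" are the two the article names.
SUBSTITUTIONS = {"for": "4", "number": "#"}

# Constructed sample of commonly guessed passwords (illustrative, not a real list).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin"}


def mnemonic_password(sentence, substitutions=SUBSTITUTIONS):
    """Substitute known words; otherwise keep each word's first letter and case."""
    parts = []
    for word in sentence.split():
        bare = word.strip(string.punctuation)
        if bare:  # skip tokens that were punctuation only
            parts.append(substitutions.get(bare.lower(), bare[0]))
    return "".join(parts)


def keyspace_bits(password):
    """Upper bound on brute-force search space, in bits, from the character
    classes present. Real guessing resistance can be lower."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def is_easily_guessed(password):
    """True if the password is on the common list (case-insensitive)."""
    return password.lower() in COMMON_PASSWORDS


if __name__ == "__main__":
    # Constructed input: capitalising the last four words reproduces St#4LITY.
    pw = mnemonic_password("Save the number for Later In The Year")
    for candidate in (pw, "password"):
        print(candidate, round(keyspace_bits(candidate), 1),
              is_easily_guessed(candidate))
```

The bit count is a ceiling based only on length and character classes, so it compares candidates against each other and does not measure resistance to targeted guessing.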
Source: FraudWatch International