Prescott eNews  |   Chino Valley eNews  |    Prescott Valley eNews    |   eNewsAZ |   QUAD POD

Password Security
Featured

28 February 2017   Kristina Abbey | CompuTime

Tips to Improve Online Security

When we long in to a website what is the first thing we do? Enter a password of course. Those irritating little sequence of numbers, letters, and symbols that just make it difficult to get into the site we want to visit. Whether it be Amazon, Facebook, Twitter, the cable account, or even the bank, entering the password is that first important step. Sure it can be annoying to enter in a password each time you visit a site and heck some of use may wonder, why websites require this information. The simple answer is: Hackers.

The Hackers I’m referring to are not the good kind of hackers. You know, those heroes you see in a suspense movie, desperately trying to beat the clock or a villain by breaking into a computer to save the day. No, the hackers we are referring to are the ones who use a range of tools to get at your personal data. That main block standing between you and your information, is the password you select. Sadly though, this is often the weakest point because we users, don’t take it seriously.

Why a Password?

Why is it necessary to have a strong password? First, they restrict access to confidential and personal user information. In addition, a password is often the main way for a system or service to identify a user, and to verify that user is you! We may think that hackers wouldn’t be interested in us. We are small time users right? Why go after an individual when they have bigger targets... like Target? However, here is an interesting but scary bit of information. In 2015, Anthem, a healthcare service, fell victim to a cyberattack that breached 80 million patient and employee records. That’s big. In 2013, Myspace reported a data breach where a hacker tried to sell 427 million Myspace passwords! That’s huge. That same hacker was also reported to have attempted a sale of more than 164 million LinkedIn in user information.

It might not seem like it would be necessary to have your Facebook, Tumblr, or other social media pages locked up like Fort Knox but it is actually an entry point for hackers to get your information for more crucial site, like your bank account. That first step, create a really good password, this is one of the best ways to help protect your information.

How Do They Do It?

Before we jump into ways to create a good password, let’s first discuss how hackers are able to get those passwords. Hackers have hundreds of ways to steal your credentials and their techniques are constantly becoming more sophisticated. So how exactly do they get your data? How do they hack your accounts? There are several methods they use.

Wi-Fi Traffic Monitoring Attacks- Do you use a public Wi-Fi? When on that public Wi-Fi do you log into any accounts? If so, then you are a target for password theft. Wi-Fi traffic monitoring is a common method of attack. The hacker uses a simple application that watches all traffic on a public Wi-Fi network. Once you enter your username and password, the software notifies the hacker and they will then intercept the information. Just a few minutes later, they have used the same password and login combination on various other common sites. If you are using the same username and password combination on other sites, it’s not long before they have access to a whole lot of your information and it’s just a matter of time for them to get the rest.

Phishing Attacks- Over the years, phishing attacks have become more sophisticated. You receive an email, it looks like it came from your bank or from Facebook and they want you to confirm something on your account and are even nice enough to include a link. You click on the link and are directed to a website that looks perfectly legit, but in reality it’s actually a fake site. When you type in your username and password, they now have your data. Phishing attacks also occur through email attachments. When you open the attachment a malicious java script is added into your browser. Without your knowledge, every detail you type, including username and passwords, are recorded and sent to the hacker.

Bruteforce Attacks- This type of attack is just what it sounds like. This is where the hacker attempts to get into your account simply by trying to login over and over until your password is cracked. There are some measures that certain sites use to limit the number of incorrect attempts, but even that is just a temporary holdup. Eventually, that is overridden. Some hackers can even use tools that will do the attack for them. For hackers, most passwords are simple and can be guessed within a specific number of tries. Oh, and “123456” is still the most common password on the planet.

Keyloggers- This is one of the more basic tools used for getting your passwords. Keylogger resides in your system memory and runs at every startup. Keylogger logs every keystroke you type and a log is created that goes to the hacker.

Trojan Horses- This is a common type of malware. Trojan Horse malware comes into your computer through downloads or opening certain email attachments. Once installed, a virus can act like a keylogger. It will record everything you type and send it back to the hacker. In addition, it can also send out spam emails to other computers.

So now we know a bit more about how Hackers attack but what are weak passwords that they can easily crack?

Weak Passwords

A weak password is a password containing information about the user or common and often used words. Many users will use their names, the names of friends, parents, partners, children, pens, or important dates (birthday, anniversary) and those are easily guessed.

Some of the most common passwords of 2016:

  • 123456
  • 123456789
  • Qwerty
  • 12345678
  • 111111
  • 1234567890
  • 1234567
  • Password
  • 123123
  • 987654321
  • Qwertyuiop
  • Mynoob
  • 123321
  • 666666
  • 18atcskd2w
  • 7777777
  • 1q2w3e4r
  • 654321
  • 555555
  • 3rjs1la7qe
  • 123qwe
  • 1q2w3e4r5t
  • 123qwe
  • Zxcvbnm
  • 1q2w3e

     

If you have any of the above passwords…Change it now!! Not only are they common passwords but they are also weak passwords and it can take a hacker just seconds to gain access to your account. Even if you are taking time to make longer passwords, if they are based on a simple pattern, that password is still consider weak and can easily be stolen by a hacker.

Creating a Good Password

We’ve talked about the villains, how they contrive to get into your accounts to steal your information or money. So let’s look at the hero, the one in the white hat that comes to save the day. Guess what? YOU are that hero. You can create your own fantastic passwords to help keep your information secure.

Here are some simple steps you can follow to create a good password:

  • Make the password long and complex
  • Don’t use proper words
  • Use a different username and password combination for every site you log onto
  • Use a password generator like random.org/passwords
  • Change your password every 60-90 days
  • Avoid bunching up special charactersNever reuse an old password

     

Remember when changing passwords, make sure you are hitting every account you have ever created. This includes accounts for sites like: online food delivery, school accounts, shopping sites (Walmart, Target, Amazon, and any others), government sites, banking, social media sites, social media games, PC games, game consoles, streaming devices and accounts (Roku, Netflix, Apple TV), email, subscriptions, and so much more. Anything you have created an account for will need to have a unique login and password combination. You might be thinking, “Why does it matter if I have a strong password for my pizza delivery?” Think about this, did you save your credit card information or address on your account? If you did, then you’ll want to protect that information.

CompuTime Can Help

As malicious software can play a big role in observing your computer keystrokes for hackers, make sure you get your computer cleaned or at least checked on a regular basis. CompuTime, a locally owned and operated company has been around for over 20 years and we’ve removed many viruses. We offers tune-up services for your computer, and if needed, we can even run a full virus scan and remove any malicious software on your computer. This little extra step can help keep your passwords safe from hackers.