Your password got hacked? Top 7 ways to protect it
Recently, the Verizon Data Breach Investigations Report stated that 81 percent of data breaches were caused by stolen or hacked passwords. With the many tools and applications we use every day on different devices, protecting and maintaining those passwords has become crucial. Recent research found that the average person maintains at least 90 passwords across different online accounts.
In this article, we will cover some basic tips to protect your password and prevent it from getting hacked. However, before getting into the 7 tips, we first need to understand how hackers hack passwords.
How did your password get hacked?
There are different ways attackers use to hack your password. We will discuss the most common ones in the section below before getting to the best tips to keep it secure.
1. Credential Stuffing: In this type of attack, the hacker takes the password that was hacked from a poorly secured website and tries it on your other systems. For example, if you registered on a forum that has been hacked and your password was breached, the hacker will use this password to try to access your email, Facebook, LinkedIn and other platforms, including your own systems.
2. Password Spraying: In this type of attack, the attacker tries some commonly used passwords to access your systems. The hacker may also use some of the victim's personal information, like a birth date or school name, e.g. password123 or password1984.
3. Social Engineering - Phishing: Social engineering is a way of manipulating victims into clicking a link that leads to a fake website where they enter their password. For example, you or your employees may receive an email with a link to a page that has exactly the same interface as Facebook or your admin dashboard.
4. Brute Force Attacks: This usually happens on admin dashboards or webmail, where specific tools try different character combinations to guess your password.
5. Legacy or Staging Systems: Developers often use a public IP address for testing their code before pushing it to production. Those staging servers usually have debug mode enabled, which might expose some internal system credentials. Scanners continuously scan the internet for such publicly exposed .env files or similar files that store critical credentials.
6. Malware Installation - Keylogging: Sometimes attackers are able to install a keylogger on your machine that records everything you type, including passwords.
7. Shoulder Surfing - Physical: Not all methods are remote. One technique some attackers use is to watch you while you type your password in a cafe or an airport. In addition, writing a password on paper or storing it in clear text on your computer may also be a way for someone to get access to your systems.
These are not the only ways to hack passwords, but they are the most common ones. Hackers can also use a mix of these techniques to get your password hacked. In addition, hackers use tools to crack passwords.
Password cracking tools
John the Ripper: John the Ripper is a free password cracking tool that runs from the command prompt. Originally developed for the Unix operating system, it can run on fifteen different platforms. It uses a wordlist to crack passwords.
Cain & Abel: Cain & Abel runs only on Windows. It can recover many kinds of passwords using methods such as network packet sniffing and cracking various password hashes with dictionary attacks, brute force and cryptanalysis attacks. Unlike John the Ripper, Cain & Abel uses a graphical user interface.
Now, how do I protect my password from getting hacked?
7 Tips to prevent your password from getting hacked
Tip 1 => Use complex passwords: People don't like creating and remembering complex passwords, so use a password generator, which will generate strong passwords for you. A strong password should be 8 characters or longer, not a word that appears in the dictionary, and include a mix of upper- and lower-case letters, numbers and symbols.
Tip 2 => Use a password manager: Password managers such as Dashlane or LastPass are tools that save all your passwords in one place. A similar feature now exists in all major browsers. You only need to remember one password to access the rest, and in some cases you don't need to remember any password at all, because you can authenticate to your password manager with biometrics such as the fingerprint reader on your laptop or mobile.
Tip 3 => Use account lockout: To prevent brute force attacks, make sure to lock the account when a user enters a wrong password 5 or 6 times.
Tip 4 => Change passwords periodically: Assume that your passwords have already been stolen and that it is just a matter of time before the attacker cracks them; changing your passwords periodically limits how long a cracked password remains useful.
Tip 5 => Educate yourself and your employees: Make sure that you and your employees understand what phishing and social engineering are, don't click on suspicious links, and check links before entering passwords.
Tip 6 => Don't use your personal information in the password: For example, a password combined with your date of birth, your school name or your pet's name, as today this information can be discovered from social media.
Tip 7 => Don't share your password: Although this seems obvious, some employees share their email or account passwords with colleagues, which harms your password protection hygiene.
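As an added example (not code from the original article), the following Python implements Tip 1 and Tip 6 as a password policy check and a generator: it rejects passwords shorter than 8 characters, without mixed case, digits and symbols, dictionary words and common passwords such as the article's password1984, and passwords that embed the user's personal information. The common-password and dictionary lists are small constructed samples; a real deployment would use a full breached-password list.

```python
import re
import secrets
import string

# Constructed sample lists for the example; a real deployment would use a
# large breached-password list and a full dictionary.
COMMON_PASSWORDS = {"password", "password123", "password1984", "123456", "qwerty", "letmein"}
DICTIONARY_WORDS = {"password", "welcome", "summer", "dragon", "monkey"}


def password_problems(password, personal_info=()):
    """Return the list of policy violations for `password` (empty list means it passes).

    Enforces the article's tips: at least 8 characters, mixed case, digits and symbols,
    not a dictionary word or common password, and no personal information
    (birth year, school, pet name) embedded in it.
    """
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    # Strip digits/symbols so "password1984" is still caught as the word "password"
    core = re.sub(r"[^a-z]", "", lowered)
    if lowered in COMMON_PASSWORDS or core in DICTIONARY_WORDS:
        problems.append("dictionary word or commonly used password")
    for item in personal_info:
        item = str(item).lower()
        if len(item) >= 3 and item in lowered:
            problems.append(f"contains personal information: {item}")
    return problems


def generate_password(length=16):
    """Generate a random password that satisfies password_problems() using the CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not password_problems(candidate):
            return candidate
```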
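For Tip 3, here is an added example (not from the original article) of an account lockout tracker: it counts consecutive failed logins per account and refuses further attempts for a lockout period once the threshold of 5 is reached. The 15-minute lockout duration and the injectable clock are assumptions made for the example.

```python
import time
from collections import defaultdict

MAX_ATTEMPTS = 5           # the article suggests locking after 5 or 6 wrong passwords
LOCKOUT_SECONDS = 15 * 60  # how long the account stays locked (assumed value)


class LoginGuard:
    """Tracks failed logins per account and locks the account after MAX_ATTEMPTS.

    `clock` is injectable so the behaviour can be tested without sleeping.
    """

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = defaultdict(int)  # account -> consecutive failed attempts
        self.locked_until = {}            # account -> time at which the lock expires

    def is_locked(self, account):
        until = self.locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:
            # Lock expired: clear it and reset the failure counter
            del self.locked_until[account]
            self.failures[account] = 0
            return False
        return True

    def attempt(self, account, password_ok):
        """Record a login attempt; returns 'locked', 'ok' or 'failed'."""
        if self.is_locked(account):
            # Refuse regardless of the password supplied while the lock is active,
            # so a guessing tool gains nothing from continuing
            return "locked"
        if password_ok:
            self.failures[account] = 0
            return "ok"
        self.failures[account] += 1
        if self.failures[account] >= MAX_ATTEMPTS:
            self.locked_until[account] = self.clock() + LOCKOUT_SECONDS
            # A real system would also log this event and alert the user or SOC
        return "failed"
```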
For a long time, passwords have been used to protect critical assets, and they will remain in use for some time. Passwords are known as "something you know", which when combined with "something you have" provides a higher level of protection. That's why we advise our customers to use two-factor authentication whenever possible.
CyberTalents' pool of talents can help you check your password protection controls, test your applications for vulnerabilities, run a penetration test, perform a security audit and evaluate your security status. You can hire our talents now.