Your Password Got Hacked? Top 7 Ways to Protect it
The Verizon Data Breach Investigations Report recently stated that 81 percent of data breaches were caused by a stolen or hacked password. With the many tools and applications we use every day on different devices, protecting and maintaining those passwords has become crucial.
Recent research found that the average person maintains at least 90 passwords across different online accounts.
In this article, we cover some basic tips to protect your password and keep it from being hacked. Before getting into the 7 tips, we first need to understand how hackers hack passwords.
How does your Password get Hacked?
Attackers use several different methods to hack your password. We discuss the most common ones in the section below before getting to the best tips for keeping it secure.
1. Credential Stuffing
In this type of attack, the hacker takes a password leaked from a poorly secured website and tries it on your other systems.
For example, if you registered on a forum that was later hacked and your password was breached, the hacker will use that password to try to access your email, your Facebook, LinkedIn, and other platforms, including your own systems.
2. Password Spraying
In this type of attack, the attacker tries a handful of commonly used passwords against your systems. The hacker may also use some of the victim's personal information, such as a birth date or school name, e.g. password123 or password1984.
3. Social Engineering - Phishing
Social engineering is a way of manipulating victims into clicking a link that leads to a fake website, where they then enter their password.
For example, you or your employees may receive an email with a link to a page that looks exactly like Facebook or your admin dashboard.
4. Brute Force Attacks
This usually happens on admin dashboards or webmail, where specific tools try different character combinations to guess your password.
5. Legacy or Staging System
Developers often use a public IP address to test their code before pushing it to production. Those staging servers usually have debugging enabled, which might expose some of the internal system credentials.
Scanners constantly sweep the internet looking for such publicly exposed .env files or similar files that store critical credentials.
6. Malware Installation- Keylogging
Sometimes attackers manage to install a keylogger on your machine that records everything you type, including passwords.
7. Shoulder Surfing - Physical
Not all methods are remote. One method some attackers use is to watch you while you type your password in a cafe or an airport. In addition, writing a password on paper or storing it on your computer in clear text can also give someone access to your systems.
These are not the only ways to hack passwords, but they are the most common. Hackers may also combine these techniques to get your password. In addition, hackers use tools to crack passwords.
Password Cracking Tools
John the Ripper
John the Ripper is a free password-cracking tool driven from the command line. Originally developed for the Unix operating system, it can run on fifteen different platforms. It uses a wordlist to crack passwords.
Cain & Abel
Cain & Abel runs only on Windows. It can recover many kinds of passwords using methods such as network packet sniffing and cracking various password hashes through dictionary attacks, brute force, and cryptanalysis attacks. Unlike John the Ripper, Cain & Abel uses a graphical user interface.
Now, how do you protect your password from getting hacked?
7 Tips to Prevent your Password from getting Hacked
Tip 1 => Use Complex Passwords:
People don't like creating and remembering complex passwords. That's why you can use password generators that generate strong passwords for you.
A strong password should be 8 characters or longer, should not be a word that appears in a dictionary, and should mix upper- and lower-case letters, numbers, and symbols.
Tip 2 => Use a Password Manager:
Password managers such as Dashlane or LastPass are tools that store all your passwords in one place. A similar feature now exists in all major browsers, so you need to remember only one password to access the rest.
In some cases you don't need to remember any password at all, because you can authenticate to your password manager using biometrics such as the fingerprint reader on your laptop or mobile.
Tip 3 => Use Account Lockout
To prevent brute force attacks, make sure to enable account lockout when a user enters the wrong password 5 or 6 times.
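The lockout rule above, as an added example (not code from the original article): an in-memory guard that counts consecutive wrong passwords per user, locks the account after 5 of them for an assumed 15-minute window, and checks the lock before the password is ever evaluated. The clock is injectable so the expiry can be exercised without waiting.

```python
import hmac
import time
from dataclasses import dataclass

MAX_FAILURES = 5            # lock after this many consecutive wrong passwords (Tip 3)
LOCKOUT_SECONDS = 15 * 60   # assumed lock duration; tune to your own risk tolerance


@dataclass
class LockoutState:
    failures: int = 0
    locked_until: float = 0.0   # 0.0 means not locked


class LockoutGuard:
    """Tracks consecutive failed logins per user and locks after MAX_FAILURES."""

    def __init__(self, clock=time.time):
        self.clock = clock   # injectable so tests can advance time deterministically
        self.state = {}      # username -> LockoutState (in-memory; use a shared store in production)

    def _get(self, user):
        return self.state.setdefault(user, LockoutState())

    def is_locked(self, user) -> bool:
        s = self._get(user)
        if s.locked_until and self.clock() < s.locked_until:
            return True
        if s.locked_until:   # lock has expired: give the user a fresh allowance
            s.failures, s.locked_until = 0, 0.0
        return False

    def record_failure(self, user) -> None:
        s = self._get(user)
        s.failures += 1
        if s.failures >= MAX_FAILURES:
            s.locked_until = self.clock() + LOCKOUT_SECONDS

    def record_success(self, user) -> None:
        self.state[user] = LockoutState()   # a correct password clears the counter


def attempt_login(guard, user, password, real_password) -> str:
    """Check the lock before the password, so a locked account never evaluates guesses."""
    if guard.is_locked(user):
        return "locked"
    # Real systems compare against a salted password hash; a constant-time compare keeps the demo short.
    if hmac.compare_digest(password.encode(), real_password.encode()):
        guard.record_success(user)
        return "ok"
    guard.record_failure(user)
    return "locked" if guard.is_locked(user) else "wrong-password"
```

Note that the correct password is rejected while the lock is active; the failure counter only resets once the window expires or a login succeeds.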
Tip 4 => Change Passwords Periodically
You should assume that your passwords have already been compromised and that it is only a matter of time before an attacker cracks them. Changing your passwords periodically limits how long a cracked password remains useful to the attacker.
Tip 5 => Educate Yourself and Employees
Make sure that you and your employees understand what phishing and social engineering mean, don't click on suspicious links, and check where a link leads before entering a password.
Tip 6 => Don’t Use your Personal Information in the Password
For example, avoid passwords that include your date of birth, your school name, or your pet's name, since this information can now be discovered from social media.
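The rules from Tip 1 (length, no dictionary word, mixed character classes) and Tip 6 (no personal facts) combined into one policy check, as an added example that is not part of the original article. The word list and the personal-information list are constructed placeholders; a real deployment would load a full dictionary, the same kind of wordlist the cracking tools above use.

```python
import re

# Constructed sample of a "dictionary" of common words; load a full wordlist in practice.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin", "summer"}


def is_dictionary_word(password: str) -> bool:
    """True if the password is just a dictionary word, possibly with trailing digits
    (catches the password1984 pattern from the password spraying section)."""
    base = re.sub(r"\d+$", "", password).lower()
    return base in COMMON_WORDS


def contains_personal_info(password: str, personal) -> bool:
    """Tip 6: reject passwords that embed known personal facts (birth year, pet, school).
    Fragments shorter than 3 characters are ignored to avoid spurious matches."""
    lowered = password.lower()
    return any(p.lower() in lowered for p in personal if len(p) >= 3)


def check_password(password: str, personal=()) -> list:
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"\d", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no symbol")
    if is_dictionary_word(password):
        problems.append("dictionary word")
    if contains_personal_info(password, personal):
        problems.append("contains personal information")
    return problems
```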
Tip 7 => Don’t Share your Password
Although this seems obvious, some employees share their email or account passwords with colleagues, which undermines your password hygiene.
Passwords have protected critical assets for a long time and will remain in use for some time to come. A password is "something you know"; combined with "something you have", it provides a higher level of protection. That's why we advise our customers to use two-factor authentication whenever possible.