The Subtle Art Of Winning The Password Game Against Hackers

Chris Jones
Chris Jones - Contributor

Hackers are on the prowl, and there seems to be nothing being done about it. With the advancement of technology comes a promise of better security, but that is not always the case. While it might not look like it, you can beat hackers at their own game. Before we go into that, it is important to look at why that is worth considering at all.

The Deplorable State of Account Security

We have reached a stage where it is almost like no account is secure anymore. Depending on the motive of a hacker, and how much they want to get into the account, chances are that they will get into it.

Users do not help matters either. In a time when security is as advanced as it is, it is a shame to find users still embracing simple passwords like ‘12345,’ ‘password’ and the like. It is almost like no one is even trying to be safe.

An IBM study also confirmed that looking to the future for better password security might not cut it: more young employees are found to have far poorer password habits than the older ones. If that is anything to go by, there is a sharp decline there, and the next set of young employees and people will continue the trend.

Likewise, trusting your passwords to big companies is not always a great move. They do their best to ensure your passwords are safe, but they also have a big target on their back. That is why we have seen as many as 3 billion accounts get hacked on Yahoo alone, and Uber is not left out with over 57 million breaches of both driver and rider data.

Now that we all know how seriously hackers take the password business, how about we look at how they do it at all?

The Many Faces of Hacking

The type of hack behind any account breach will depend on the level of sophistication of the involved hacker, and the passwords they are after. I list some of the most common attacks below:

1. Rainbow table attack

Most services now store user password data in the form of computer-generated codes called hashes. That makes it impossible for a hacker who gets hold of the password database to read the passwords directly, since these hashes bear no resemblance to the real password and cannot be used in its stead either.

With a rainbow table, though, a hacker can reverse the hash and get what the actual password is.

2. Malware attack

This comes from loading infected applications and programs onto your device. It doesn’t matter if it is a smartphone, tablet or computer. As long as the device can take applications and programs, they can use this attack against it.

The hacker builds an app or piece of software and inserts malicious code into the build. They can also find existing applications and modify them with this code, offering them to the public as ‘cracked versions,’ or under any other name.

On installation, the lines of code kick into action. They could be programmed to take over the computer (some form of ransomware) or just record keystrokes (keylogger), from which a user’s password can be recovered. Such malicious software could be left operational for years without the user suspecting anything out of place.

3. Dictionary attack

Passphrases are the form of password most susceptible here.

The computer is fed a dictionary file that allows it to run through combinations of different dictionary words which could have been used in creating such a passphrase. A hacker does not need a supercomputer to get through millions of combinations in mere minutes, and it won’t be long till every password for the list of accounts being hacked shows up.

4. Plain text attack

This is a fault of the service where an account was created.

Quite a few platforms still prefer to store their user data in plain text locked inside their database. To their credit, though, they don’t go around giving everyone access to this database, but that is where hackers come in.

Using a variety of the tactics above or more, they will get into such a platform’s database. Since the user information was stored in plain text format already, they need not do more than make copies of this file to gain access to all accounts on that database.
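To see why the way a service stores passwords matters for attacks 1 and 4, here is an added example (not part of the original article). It assumes a constructed wordlist and made-up accounts, uses a plain precomputed lookup table as a simplified stand-in for a rainbow table, and picks PBKDF2 with an assumed work factor as the stronger storage scheme.

```python
import hashlib
import hmac
import os

COMMON = ["12345", "password", "qwerty", "letmein"]  # constructed wordlist
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def weak_hash(password):
    """Unsalted fast hash: the same password always yields the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()

def strong_hash(password, salt=None):
    """Random per-user salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(strong_hash(password, salt)[1], expected)

def build_lookup(words):
    """Precomputed hash -> password table, reusable against any unsalted leak."""
    return {weak_hash(w): w for w in words}

def recover(leaked, table):
    """Return {user: password} for every leaked hash present in the table."""
    return {user: table[h] for user, h in leaked.items() if h in table}

def demo():
    # Constructed accounts: two users share a weak password, one uses a generated one.
    users = {"alice": "password", "bob": "password", "carol": "T7#qv9!LmZ2x"}
    table = build_lookup(COMMON)
    unsalted = {u: weak_hash(p) for u, p in users.items()}
    salted = {u: strong_hash(p) for u, p in users.items()}
    cracked = recover(unsalted, table)
    salted_hits = recover({u: d.hex() for u, (_, d) in salted.items()}, table)
    shared_digest = salted["alice"][1] == salted["bob"][1]
    return cracked, salted_hits, shared_digest

if __name__ == "__main__":
    print(demo())
```

The salt makes any table built in advance useless and forces the work to be redone for every single user. A weak password can still be guessed one account at a time, only far more slowly, which is why the advice on generated passwords further down still applies.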

Winning the Password Game

The above list is not exhaustive. Hackers can still employ hybrid attacks, brute force attacks, man-in-the-middle attacks and other data-breaching techniques.

The important thing, however, is staying safe against them.

Fortunately, you don’t have to give an arm and a leg to do that. For better password safety, you should:

  • Desist from creating your passwords yourself. This makes them predictable, since every human is predictable to a large extent. Rather, use online password generators to create strong and unique passwords that will take several years to crack.
  • Don’t attempt to remember all your passwords. If you are using a password generator as recommended, there is a slim chance you will be able to memorize the combination anyway. Thus, get a password manager to handle all that.
  • Never use the same password for more than one account. In the case of any slip-up or breach, you don’t want the hacker using a single password as the key to your other accounts.
  • Do not share your passwords with anyone. No matter how secure they inherently are, sharing your passwords makes it more likely for a leak (of the password) to happen.
  • Set up two-factor authentication on your accounts. That way, a hacker won’t be able to get in with only your password information.
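How the last tip works in practice, as an added example (not from the original article): a login check that requires a time-based one-time code (TOTP, RFC 6238) on top of the password, so the password alone is not enough. The `login` function, its `window` parameter and the sample secret (the RFC's published test key) are assumptions for illustration.

```python
import hashlib
import hmac
import struct
import time

def hotp(secret, counter, digits=6):
    """HMAC-based one-time password (RFC 4226) for a given counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret, now=None, step=30, digits=6):
    """Time-based variant (RFC 6238): the counter is the current 30 s slot."""
    now = time.time() if now is None else now
    return hotp(secret, int(now) // step, digits)

def login(password_ok, secret, submitted_code, now=None, window=1, step=30):
    """Second factor check: the password must be right AND the code must
    match the current time slot (or a neighbour, to allow clock drift)."""
    if not password_ok:
        return False
    now = time.time() if now is None else now
    slot = int(now) // step
    for counter in range(slot - window, slot + window + 1):
        if counter < 0:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(hotp(secret, counter), submitted_code):
            return True
    return False

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC test key, not a real secret
    print(totp(secret, now=59))                      # code for the slot at t=59
    print(login(True, secret, "287082", now=59))     # password + valid code
    print(login(True, secret, "000000", now=59))     # password only, wrong code
```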
Chris Jones is a security personnel @ TurnOnVPN