Fixing the Leak: See How Hackers Are Stealing Your Passwords
There is no way you are going to win a battle you are not prepared for. Being prepared means knowing not only the battleground but also the tactics the enemy might use against you. The same is true for the war against password hacking.
Before you go around with the intention of staying protected against hacks, you should know how they could occur at all. In this piece, we discuss some of the common ways by which hackers get your passwords, and what you should do to protect yourself against those techniques.
1. Dictionary and Hybrid Attacks
These have been lumped together because they follow almost the same pattern.
As the name of the former implies, a dictionary file is needed to make the hack happen. An algorithm is fed with this dictionary file so that the computer learns all the words in the dictionary. The computer then starts trying all these words in different combinations till it gets the passphrase you have used on such an account.
From the name, you can guess that it would work best against accounts that have passphrases instead of passwords.
No matter how long the passphrases are, it would only take a while for the dictionary attack to work.
Other users rely on character substitutions, replacing some letters with symbols or numbers. This is the case with passwords like ‘p@ssw0rd,’ and a simple dictionary attack won’t work for that.
That is where the hybrid attack comes in: it builds on the dictionary attack by also trying such variations of each word, for improved results.
Fix: Even if your passphrase is not a logical sentence, that doesn’t keep these attacks from succeeding. The computer will also try different combinations of sentences that do not make any sense, so you are not safe with them.
Use a password generator to get a better and stronger combination of words for a better password instead.
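As an added example (not part of the original post), the Python check below shows why neither substitutions nor stringing dictionary words together helps: it undoes common substitutions, drops appended digits and symbols, and tests whether what remains is built only from dictionary words. The word list and substitution table are small constructed samples; a real check would load a full dictionary and lists of breached passwords.

```python
import re

# Constructed sample word list (assumption); real checks use far larger lists.
WORDLIST = {"password", "correct", "horse", "battery", "staple", "dragon", "monkey"}

# Common symbol/digit substitutions mapped back to the letter they stand for.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def splits_into_words(text, words):
    """True if text is a concatenation of one or more entries from words."""
    if not text:
        return False
    # reachable[i] is True when text[:i] can be built from dictionary words.
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words for start in range(end)
        )
    return reachable[-1]


def is_guessable(candidate, words=WORDLIST):
    """True if the candidate reduces to dictionary words after simple clean-up."""
    lowered = candidate.lower()
    # Second variant: drop digits/symbols appended to a word ("dragon2024!").
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    for variant in (lowered, stripped):
        # Undo substitutions, then discard separators and leftover non-letters.
        plain = re.sub(r"[^a-z]", "", variant.translate(LEET))
        if splits_into_words(plain, words):
            return True
    return False


if __name__ == "__main__":
    for pw in ("p@ssw0rd", "correct horse battery staple", "Dragon2024!", "vK9#qTz2Lm"):
        print(f"{pw!r}: {'reject' if is_guessable(pw) else 'no dictionary match'}")
```

A "no dictionary match" result only means this small sample list did not cover the password, not that the password is strong.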
2. Brute Force Attacks
When all other forms of hacking fail, this is the one that the sophisticated hackers turn to. Brute force attacks will take a lot of dedication, resources and time – but they are worth it in the end since they come up with results.
The hacking algorithm is programmed with all the letters, symbols, numbers and all other special characters which could have been used to form the password at all. The computer combines these characters in different orders and lengths until it returns the password to each account. The brilliance behind this attack is that it chips away at the very core of the password slowly but steadily, and it doesn’t stop till it comes out with a suitable result.
Fix: There is almost no defending against brute force attacks – but that’s if you don’t know how passwords work in the first place. Using online password generation tools, you can create a unique and strong password that will take several years for even brute force to crack.
No hacker will stay on your password for that long when they could hack other accounts instead.
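To put numbers on that fix, the added Python example below (not from the original post) generates a random password with a cryptographic random source and estimates how long an exhaustive search over every length up to the password's own would take. The guess rate is an assumption chosen for illustration, and the estimate only holds for randomly generated passwords, since a word-based password falls to a dictionary attack long before brute force is needed.

```python
import secrets
import string

# Assumed attacker speed (guesses per second); real rates vary by orders of
# magnitude depending on how the service stores passwords and on the hardware.
ASSUMED_GUESSES_PER_SECOND = 10**10
SECONDS_PER_YEAR = 365 * 24 * 3600

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Total size of the character classes that the password draws from."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def search_space(alphabet, length):
    """Candidates tried when every length from 1 up to `length` is walked."""
    return sum(alphabet ** n for n in range(1, length + 1))


def years_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case years to try every candidate up to the password's length."""
    space = search_space(alphabet_size(password), len(password))
    return space / rate / SECONDS_PER_YEAR


def generate(length=16):
    """Random password using all four character classes, drawn from a CSPRNG."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in c for ch in pw) for c in CLASSES):
            return pw


if __name__ == "__main__":
    for pw in ("password", generate(12), generate(16)):
        print(f"length {len(pw):2d}, alphabet {alphabet_size(pw):2d}: "
              f"{years_to_exhaust(pw):.3g} years at the assumed rate")
```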
3. Man-in-the-Middle Attacks
All the other password hacking models we have been talking about involve a hacker trying to guess your password with their algorithm. Man in the middle is one of those techniques where the users themselves serve their password to a hacker on a platter of gold.
The hack will often occur when an unsuspecting user is accessing the web via an unencrypted network. This makes it easy for a hacker to breach such a network and place themselves between the user’s computer and target server (any app, website or platform such a user is using on the internet).
Any and all interactions being made by this user will be visible to the hacker in real time. In fact, the hacker can hijack conversations and tweak them to their own advantage. From here, there is no telling what other sensitive information the hacker can get access to, and how they can wield that over you.
Fix: The biggest unencrypted network that users unknowingly connect to every day is public Wi-Fi. Thus, the first thing is to ensure you stop connecting to it.
Likewise, your mobile connection might be unencrypted, but you can tighten things up by running that connection through a VPN. You can do that for public Wi-Fi connections too to make them safer for use.
4. Phishing Scams
Haven’t heard of phishing before? Well, phishing scams are only the granddaddy of all social internet scams. You would think so too if you considered the fact that they account for more than 90% of all social scams ever – and they have been around longer than many other forms of hacking.
They rely on tricking a user into clicking a link that leads them to websites, apps or platforms which look like the real deal. Here, a hacker could clone a bank’s website, make a copy of a healthcare company’s page or something of the sort, and send that link via mail to a user. Such an email will also contain a message that tells the user to take some sort of urgent action on their account.
This urgency spurs the user into clicking the email link without giving it much thought. They are faced with a page that looks like the real thing, and they enter their passwords – thinking all is the same.
What the user doesn’t know is that the login details they entered are being relayed to a hacker on the other end of the server.
The hacker will then use these login details to access the actual account of such a user – and do as they please from there.
Fix: Never click on links in emails or text messages anymore. Be wary of attachments too – and you can even download an antivirus scanner to help with that.
Even though mailing services and antivirus scanners are now great at catching phishing attempts, they will sometimes fail. Always be wary of what you click on.
Wrap Up
The above are just some of the many techniques that hackers employ. By applying those fixes beforehand, though, you can ensure your accounts stay safe from many kinds of hacking attempts out there.
This is a guest post from Chris Jones @TurnOnVPN