Author: Henrik Stridh, Senior Consultant
Most apps, systems and web pages require you to choose a strong password, one that (often) must contain upper-case and lower-case letters plus some numbers or symbols.
My guess is that your password starts with an upper-case letter, followed by some lower-case letters, and ends with two or more numbers or symbols. If not, you are among the 5-10 percent of people who are least likely to get breached.
We often think alike when choosing a password. People follow the same pattern, and many of us do not think about it at all. Attackers are aware of this, which makes it easier for them to build the algorithms that will break your password.
In this post I will give you some recommendations on how to protect your login credentials on the web, but first: how do you get hacked?
There are several different types of attacks:
Here, algorithms are used to guess words and keyboard combinations such as qwerty or asdfg. The software relies on common words, names, words spelled backwards, etc. If you, for example, use your name as your password, cracking it will be effortless.
Recommendations: Do not use words from the dictionary, names, common slang, etc.
Login sites often offer a “Forgot password” option. You are then asked to answer some simple security questions, such as “What is your pet's name?” These answers can often be found on your social media with a little investigation.
Do you remember when Sarah Palin was hacked during the US presidential campaign? This was how it was done.
Recommendations: Do not use this option to identify yourself if you have forgotten your password.
This is related to the first type of attack. Do not use simple passwords like 12345, qwerty or 1111111.
In larger breaches, this is the most common way passwords are cracked.
This type of attack has become very popular. Often an e-mail is sent out saying that you must update your credentials due to security issues. The e-mail contains a link to update your credentials for your bank or other accounts. This link, however, points to a site where all the login credentials go directly to a database belonging to the attackers.
Recommendations: Never update your credentials by clicking on a link. Go directly to the web page concerned.
Some tips on how to stay safe:
- Use a different password for each site/app.
- Do not enter passwords on computers you do not control, e.g. in cafés, libraries, etc.
- Do not enter passwords when using unsecured Wi-Fi, like at the airport, in stores, etc.
- Depending on how sensitive the information in the site/app is: update your password periodically and avoid reusing passwords.
- The length of your password is more important than its complexity.
- Write down your cryptic password on a piece of paper. Physical break-ins are almost out of scope for hackers.
- Use a strong password that is easy to remember, e.g. Iam2b30y (I am to be 30 years).
- If you have a book near your computer, use its ISBN number as your password.
- Be creative.
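As an added illustration (my own example code, not from the original post), the check below shows how a sign-up form can reject the weak choices described above: keyboard walks like qwerty or asdfg, repeated characters like 1111111, dictionary words (also spelled backwards), and the "Capital letter, lower-case letters, two digits" shape most people default to. It also compares a naive keyspace estimate for a short complex password against a long simple one, which is the point of the "length over complexity" tip. The word list, keyboard rows and the 12-character minimum are assumptions I chose for the example.

```python
import math
import re

# Constructed stand-in for a real common-password/dictionary list (assumption).
COMMON_WORDS = {"password", "henrik", "summer", "welcome", "qwerty", "asdfg"}
# Keyboard rows used to detect walks such as "qwer" or "asdf" (assumption).
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
MIN_LENGTH = 12  # assumed policy minimum, not a value from the post

def keyboard_walk(pw, min_len=4):
    """True if pw contains min_len+ adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for run in (row, row[::-1]):
            for i in range(len(run) - min_len + 1):
                if run[i:i + min_len] in low:
                    return True
    return False

def repeated_char(pw, min_len=4):
    """True if one character is repeated min_len or more times in a row (e.g. 1111111)."""
    return re.search(r"(.)\1{%d,}" % (min_len - 1), pw) is not None

def dictionary_word(pw):
    """Strip digits/symbols and look the remaining letters up, forwards and backwards."""
    core = re.sub(r"[^a-z]", "", pw.lower())
    return core in COMMON_WORDS or core[::-1] in COMMON_WORDS

def default_shape(pw):
    """Upper-case letter, then lower-case letters, then 2+ digits/symbols at the end."""
    return re.fullmatch(r"[A-Z][a-z]+[^A-Za-z]{2,}", pw) is not None

def entropy_bits(pw):
    """Naive estimate: length * log2(size of the character classes actually used)."""
    size = 0
    if re.search(r"[a-z]", pw): size += 26
    if re.search(r"[A-Z]", pw): size += 26
    if re.search(r"[0-9]", pw): size += 10
    if re.search(r"[^A-Za-z0-9]", pw): size += 33
    return round(len(pw) * math.log2(size), 1) if size else 0.0

def check_password(pw):
    """Return the list of reasons to reject pw; an empty list means it is accepted."""
    reasons = []
    if len(pw) < MIN_LENGTH: reasons.append("too short")
    if keyboard_walk(pw): reasons.append("keyboard walk")
    if repeated_char(pw): reasons.append("repeated character")
    if dictionary_word(pw): reasons.append("dictionary word")
    if default_shape(pw): reasons.append("predictable shape")
    return reasons
```

Note that the naive estimate only counts characters; a long passphrase built from dictionary words is weaker than the number suggests, which is why the pattern checks matter as much as the length check.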