There are many ways of stealing a password, but the two main ways traditionally are:
- Social engineering / Phishing or Vishing
- Hacking
Top tips to stay safe:
Number 1) Keep your information private
The former requires that you willingly give your information out, perhaps a convincing email claimed they required that information, or a phone call alleging to be from some provider or company (very popular these days!). Somehow you got tricked and it wasn’t fun. The latter you have less control over, anyone with the tools and enough knowledge could intercept communications, or breach systems that contain information about your password. The tools and knowledge already exist online for literally anyone to get, along with tutorials on how to use them.
If you accidentally gave your password away, it’s pretty much too late. Change it. It does not matter how good your password was once someone else knows it. The problem becomes less about how good the algorithms are, instead turning into one of trust. You might trust your partners, or children or even co-workers with your passwords, but your security will only be as good as their level of trustworthiness.
“So why does this matter so much? What if my web account had a data leak? I bought a silly gift that one time and I’m never going back. Do I care?”
- You probably
IT MATTERS!
Number 2) Don’t use the same password twice
Well its likely they asked you for a username when you registered, they might have used your email address as your username, or at least stored your email on their servers. If you were uncareful and used the same password to buy that novelty pencil sharpener as your main email account, it doesn’t take a genius to try the odds and see if they match. Once somebody has your primary email account accessed they can pretty much take over every account you control, this is somewhat ironic since it is achieved by exploiting how easy passwords are to forget. You can have your passwords reset in almost all cases for online accounts. In 99% of cases, that password link or reset will go straight to your inbox where any old Timmy Hacker can get it, once inside, they could change the password for everything you have thereby effectively locking you out. Clearly then, using the same password twice is a terrible idea, especially when it comes to email.
“My password is already good, isn’t it? It’s my favourite thing with an important date at the end, and I swapped my ‘o’ for a ‘0’, my ‘A’ for a ‘4’ so I’m good right?” (eg C0rs493)
- You probably
NOPE!
Number 3) All your online accounts need a strong password
Many years ago, when the internet was new, the frontier of the online world largely unexplored, someone somewhere decided it would be ‘cool’ to be creative with their computer text and started substitutions of letters for numbers or symbols and when 74k3n 70 4n 3x7r3m3 17 c4n b3 4 71ny b17 r1d1cul0u5. This used to be a pretty effective method at hindering password cracking operations, the algorithms were weaker then, computers much slower and crackers couldn’t easily overcome it. And what’s now known as Leet speak (Elite Speak) was an effective way of multiplying the work needed to crack a password with brute force.
And here comes the section with the maths and the numbers. Say we started with the basic password ‘12345’ someone somewhere will have used this password, for sure, and they should be ashamed. The total scope for this password is very small, only five characters in length, all numbers. There are ten different number symbols, and so the maximum total number of guesses needed would be 10x10x10x10x10 or more simply one hundred thousand guesses. Even with today’s improved encoding and hashing algorithms it doesn’t take long for a computer to work through such a small amount of possibilities. Password strength is derived from three factors such as 1) number of symbols, 2) password length and 3) its complexity. Visit our website tomorrow to read more about factors one and two.
Ben
Ben is looking after our clients’ IT systems and backups, making sure their equipment and infrastructure are responsive and reliable.
If you would like to talk to Ben about anything mentioned in this article please let me know and I will ask him to contact you and answer your questions.
Kamila
General Manager
Octagon Technology Ltd