In light of the Yahoo Voices hack, in which 450,000 passwords were compromised, it’s time again to let people know what they are doing wrong when it comes to passwords. According to CNET:
- 2,295 accounts used 123456 as their e-mail account password.
- 160 accounts used 111111 as their e-mail password; and
- 70 accounts used 000000 as their passwords.
Common Ways Hacks Happen
Dictionary attacks: Avoid consecutive keyboard combinations, such as qwerty or asdfg. Don’t use dictionary words, slang terms, common misspellings, or words spelled backward. These attacks rely on software that automatically tries common words in password fields. Password cracking becomes almost effortless with a tool like John the Ripper or similar programs.
Cracking security questions: Many people use first names as passwords, usually the names of spouses, kids, other relatives, or pets, all of which can be deduced with a little research. When you click the “forgot password” link within a webmail service or other site, you’re asked to answer a question or series of questions. The answers can often be found on your social media profile. This is how Sarah Palin’s Yahoo account was hacked.
Simple passwords: Don’t use personal information such as your name, age, birth date, child’s name, pet’s name, or favorite color/song, etc. When 32 million passwords were exposed in a breach last year, almost 1% of victims were using “123456.” The next most popular password was “12345.” Other common choices are “111111,” “princess,” “qwerty,” and “abc123.”
Reuse of passwords across multiple sites: Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31% among victims.
Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional hacking, it is the act of manipulating others into performing certain actions or divulging confidential information.
Tips to Make Your Passwords Secure:
Make sure you use a different password for each of your accounts (Yahoo, Facebook, Twitter, Google, etc.).
Be sure no one watches when you enter your password.
Use comprehensive security software and keep it up to date to avoid keyloggers (keystroke loggers) and other malware.
Avoid entering passwords on computers you don’t control (like computers at an Internet café or library)—they may have malware that steals your passwords.
Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.
Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. Remember, the more the merrier.
Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10 characters and says “I am happy to be 29!” I wish.
Have fun with known short codes or sentences or phrases. 2B-or-Not_2b? — This one says “To be or not to be?”
Memorize your passwords and PIN codes; never write them down on paper.
Check your password strength. If the site you are signing up for offers a password strength analyzer, pay attention to it and heed its advice.
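The rules above, written as a simple checker. This is an added example and not part of the original post; the word list is a small constructed stand-in for a real dictionary, and the `personal` parameter is a hypothetical input for names or dates tied to the user.

```python
import string

# Passwords the article names as the most common in breach dumps.
COMMON = {"123456", "12345", "111111", "000000", "princess", "qwerty", "abc123"}
# Keyboard rows, used to spot consecutive key combinations such as qwerty or asdfg.
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Constructed stand-in for a real dictionary word list (assumption).
SAMPLE_WORDS = {"password", "princess", "dragon", "monkey", "welcome", "sunshine"}


def has_keyboard_run(pw, min_run=4):
    """True if pw contains min_run adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in low:
                    return True
    return False


def check_password(pw, personal=(), words=SAMPLE_WORDS):
    """Return the list of the article's rules that pw breaks (empty list = passes)."""
    problems = []
    low = pw.lower()
    # Letters only, so "drowssaP1!" is still matched against the word list.
    letters = "".join(c for c in low if c.isalpha())
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if not all(any(c in cls for c in pw) for cls in classes):
        problems.append("missing lowercase, uppercase, number or symbol")
    if low in COMMON or len(set(pw)) == 1:
        problems.append("common or single-repeated-character password")
    if has_keyboard_run(pw):
        problems.append("keyboard sequence")
    if letters in words or letters[::-1] in words:
        problems.append("dictionary word, possibly reversed")
    if any(p and p.lower() in low for p in personal):
        problems.append("contains personal information")
    return problems
```

Both sample passwords from the tips above pass every check, while 123456 fails four of them.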