LetMeIn101: How the Bad Guys Get Your Password
Passwords are essential to your cybersafety. You know it, but if you’re like the rest of the digital society, you probably have dozens of passwords to remember. It’s a lot. So, you might take shortcuts. Taking advantage of your laissez-faire attitude is one way bad guys access your passwords.
Incredibly, there are still people out there using “password” or “123456” in their access credentials. Some people don’t change the default passwords on their devices. So, anyone can pick up a router, look at the sticker identifying the password, and access that network.
Tip: Avoid the obvious passwords! When you have to create a password, make an effort. When it’s time to update a password, do so. Steer clear of simple, easily guessed patterns.
Cybercriminals can also guess your password. With a little bit of research about you online, they can make some informed guesses. Common passwords include pet names, birthdays, and anniversaries. These are all easy to find via your social media accounts.
Tip: Be careful what you share on social media! Don’t befriend strangers, as you are giving them access to a goldmine of info for personalizing an attack on you.
If that doesn’t work, criminals may try brute force. They might script an automation bot to run thousands of password permutations until they get a hit. The software will try a long list of common passwords and run through dictionary words to gain access.
Tip: Use a complex password with numbers, letters, and symbols or a passphrase. A passphrase is typically at least 19 characters long but is more memorable, as it unique to you.
The criminal may also be working with info from a data breach. In early 2019, a security researcher found more than 2.7 billion email/password pairs available on the Dark Web. Criminals accessing that database could use the data as a starting point, as many people duplicate their passwords across accounts.
Tip: Use a unique password for each site. Yes, that’s overwhelming to remember, and that’s also why you should use a password manager to keep track of it all for you.
Criminals can also access your account if you’ve used a hacked public computer. The bad guys may have installed a key logger on the computer. The logger records every key you press on the keyboard. Or they might have compromised a router or server to be able to see your information.
Tip: Be cautious about your online activity on computers or networks you don’t trust.
Of course, there’s one more method of getting your password that we haven’t addressed yet. It’s the familiar phishing attack. For instance, you get an email that looks like it was sent by your bank. Phishing typically has an urgent message and a link that directs you to what looks like a credible page.
Tip: Pay attention to who is sending the email and hover the mouse over the link to see where it goes. If you are concerned about your bank account, for example, open up a browser and type the URL manually rather than clicking the link.
These tips can help you to protect your valuable passwords. Still, setting up a password manager and amping up your internet security can help too. Need support getting ahead of the cybercriminals?