InformationWeek’s publication Dark Reading is celebrating its 10 year anniversary this year. In honor of their decade of information security reporting, Dark Reading published an article titled Epic Security #FAILS Of The Past 10 Years. The article comments that it is “2016, and we’re still talking about how lame passwords are as an authentication mechanism.”
How Hackers Can Compromise Passwords
The first step in compromising a person’s password is first figuring out what their log-on credentials are that may be attached to a password. Without the user name (or email address) it is difficult to break into a system even if a hacker knows a password that works. As many businesses use email addresses as a log-on credential, it is very easy for cybercriminals to get ahold of your log-in information. Email addresses get included in marketing communications, are posted online in employee directories, and are what are used to send external electronic communications outside of the office.
Once a hacker has an email address (or is savvy enough to research what the usernames are – often derived from an email address), they can break into accounts through the following:
- Guessing
Guess passwords is a fairly simplistic way to get into an email account, a database, or gain access to files and networks that contain sensitive information. With a person’s email and/or user name in hand, a hacker can guess through a variety of variables including the most commonly used passwords, important dates (like birth-dates), or pet names – all of which may be uncovered through some online snooping.
- Brute Force Attacks
Like guessing, brute force attacks are conducted via automated software that can generate a large number of consecutive guesses of data. This train-and-error process can get information about a user including a password or personal identification number (PIN).
- Phishing and Malware
Illegitimate emails get sent to organizations and naïve employees often open these rather unassuming emails thinking they are legitimate. These emails often include phishing software or malware that get downloaded and installed on a computer. These applications can monitor keystrokes to identify passwords or break into directories that house log-in information on the computer.
The Most Commonly Used Passwords
Once upon a time, the most commonly used password was “password.” However, what could be deemed as the “most obvious password” has been eclipsed by the number combination of 123456. Sure it’s easy to remember and takes one quick swipe across a keyboard to input. Yet because of its simplicity it has become the most commonly used password, which also makes it one of the easiest ones to hack. Additionally other commonly uses passwords include “qwerty,” “football,” and “starwars.”
What Can Be Done
Each organization needs to have strict guidelines on building strong passwords. There should also be protocols in place that make employees change their passwords at regular intervals. Ever-changing credential information keeps hackers on their toes and makes it more difficult to try to hack into a company system.
If you are in need of assistance of establishing strong passwords and/or implementing a password policy, contact Roan Solutions today.
