What Makes My Passwords Vulnerable?

Sunday, November 25, 2012

Robert Siciliano

37d5f81e2277051bc17116221040d51c

There is no such thing as a truly secure pass­word. There are only more secure or less secure passwords. Passwords are currently the most convenient and effective way to control access to your accounts.

Most people aren’t aware of the numerous com­mon techniques for cracking passwords:

Dictionary attacks: There are free online tools that make password cracking almost effortless. Dictionary attacks rely on software that automatically plugs com­mon words into password fields. So, don’t use dictionary words, slang terms, common misspellings, or words spelled backward. Avoid consecutive keyboard combinations such as qwerty or asdfg.

Cracking security questions: When you click the “Forgot Password” link within a webmail service or other website, you’re asked to answer a question or series of questions to verify your identity. Many people use names of spouses, kids, other relatives, or pets in security questions or as passwords themselves. These types of answers can be deduced with a little research, and can often be found on your social media profile. Don’t use traceable personal information in your security questions or passwords.

Simple passwords: When 32 million passwords were exposed in a breach last year, almost 1% of victims were using 123456. The next most popular password was 12345. Other common choices are 111111, princess, qwerty, and abc123. Avoid these types of passwords, which are easily guessed.

Reuse of passwords across multiple sites: When one data breach compro­mises passwords, that same login infor­mation can often be used to hack into users’ other accounts. Two recent breaches revealed a password reuse rate of 31 percent among victims. Reusing passwords for email, banking, and social media accounts can lead to identity theft.

Social engineering: As previously described, social engineering is the act of manipulating others into performing cer­tain actions or divulging confidential information, and can be used as an alter­native to traditional hacking. Social engineering can be employed to trick tar­gets into disclosing passwords.

One day we will develop a truly secure password, perhaps a cross-pollination of various access control tools such as biometrics, dynamic-based biometrics, image-based access, and multi-factor authentication. In the meantime, protect your information by creating a secure password that makes sense to you, but not to others.

Use different passwords for each of your accounts.

Be sure no one watches as you enter your password.

Always log off if there are other people in the vicinity of your laptop or other device. It only takes a moment for some­one to steal or change your password.

Use comprehensive security software and keep it up to date to avoid keystroke log­gers and other malware.

Avoid entering passwords on computers you don’t control, such as at an Internet café or library. These computers may have malware that steals passwords.

Avoid entering passwords when using unsecured Wi-Fi connections, such as at an airport or in a coffee shop. Hackers can intercept your passwords and other data over this unsecured connection.

 

Robert Siciliano is an Online Security Expert to McAfee. See him discussing identity theft on YouTube.(Disclosures)

Possibly Related Articles:
10740
Passwords cracking Authentication Security Awareness
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.