It is an unfortunate fact that we rely too heavily on a single password for account security. After setting up an account and registering a password, most of us assume the account will stay secure. The reality is harsher: such a serious weakness rarely goes unnoticed, and hackers target our passwords precisely because they unlock our accounts.
Password theft can deal a significant blow to your digital security and privacy, especially if you make easily avoidable mistakes such as reusing one password across multiple accounts. If you are concerned about the safety of your passwords and want to avoid theft and its consequences, you need to understand how hackers steal passwords and what countermeasures exist for each method.
Phishing attacks
Phishing is a form of social engineering in which the attacker deceives and manipulates the target into disclosing sensitive information. For password theft, a phishing message usually tries to get the target to click a link. The link typically leads to a phishing website, a cloned copy of a real site; when the target logs in there, the username and password are captured. Phishing messages may also prompt you to download malware such as keyloggers, which monitor your device and send back what you type, including your passwords.
To defend against phishing, install security tools such as an antivirus, a password manager, and a VPN. Avoid following links from emails and text messages, and always confirm that the URL of the login page is correct. Typically an official site uses HTTPS, which is secure, while most fake sites use HTTP. You may also notice typos in the link. Using bookmarks removes the need to follow untrustworthy links in the first place. Raising your awareness of phishing gives you the means to protect yourself against it.
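The link checks recommended above (HTTPS, the expected host, typos in the host name), written out as a small Python helper. This is an added example, not code from the article or from TurnOnVPN; `BOOKMARKED_HOSTS`, `check_link` and the other names are assumptions, and the bookmarked hosts are constructed sample values.

```python
"""Link check for the phishing defences above: is the link HTTPS, does its host
match a bookmarked site, and does it look like a typo or look-alike of one?
Added example; BOOKMARKED_HOSTS and the helper names are assumptions."""
from urllib.parse import urlsplit

# Constructed: hosts the user has bookmarked and therefore expects to log in to.
BOOKMARKED_HOSTS = {"bank.example", "mail.example"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to spot host names one or two typos away."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalise_host(host: str) -> str:
    """Lower-case, drop a trailing dot and a leading 'www.' so equivalent spellings compare equal."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def check_link(url: str, bookmarks=BOOKMARKED_HOSTS) -> list:
    """Return warnings for a link; an empty list means it passed every check."""
    parts = urlsplit(url.strip())
    warnings = []
    scheme = parts.scheme.lower()
    if scheme != "https":
        warnings.append(f"not HTTPS (scheme is {scheme or 'missing'})")
    # urlsplit().hostname already strips userinfo, so 'https://bank.example@evil.test'
    # yields 'evil.test': the real destination, not the name shown before the '@'.
    host = normalise_host(parts.hostname or "")
    if not host:
        warnings.append("link has no host")
        return warnings
    if host in bookmarks or any(host.endswith("." + b) for b in bookmarks):
        return warnings  # the bookmarked site itself or one of its own subdomains
    for b in sorted(bookmarks):
        if edit_distance(host, b) <= 2:
            warnings.append(f"host {host!r} looks like a typo of bookmarked {b!r}")
        elif b in host:
            warnings.append(f"host {host!r} embeds the bookmarked name {b!r} but is a different site")
    if not any(w.startswith("host") for w in warnings):
        warnings.append(f"host {host!r} is not a bookmarked site")
    return warnings


if __name__ == "__main__":
    for link in ("https://bank.example/login", "http://bnak.example/login",
                 "https://bank.example.evil.test/", "https://bank.example@evil.test/"):
        print(link, "->", check_link(link) or "ok")
```

The subdomain allowance (`login.bank.example` passes) is a design choice: it matches how real sites spread logins across subdomains, while `bank.example.evil.test` still fails because the bookmarked name is embedded in a different registrable domain rather than ending the host.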
Brute force attacks
In some cases, direct methods beat sophisticated ones, and brute force attacks are the clearest example. A brute force attack is purely technical: the hacker relies on trial and error to arrive at your password. Even so, it is not as easy as it sounds, because the number of possible combinations means many guesses before the right one turns up. There are, however, ways to make brute forcing easier, such as dictionary attacks and reverse brute force attacks.
In a dictionary attack, the hacker tries every known word in a dictionary until the correct password is found. In a reverse brute force attack, the hacker starts from a password and tries to find the username that matches it. Thousands of passwords are released online from breached databases after hacking attempts; as long as the source database is known, hackers can try to match those passwords against unknown usernames until they find one that works.
Defending against brute force attacks requires a good understanding of the subject. For instance, you should know which protections you can implement as an administrator and what you should do as an account user. For a user, enabling two-factor authentication, using a password manager, and strengthening your password are all ideal options.
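On the administrator side, the two patterns described above leave distinct traces in authentication logs, and the following Python detection logic shows how to surface them. This is an added example, not code from the article or from any real product; the log line format, the thresholds and the function names are assumptions, and the log lines are constructed.

```python
"""Detection for the two brute-force patterns described above, run over constructed
authentication log lines: many failures against one account from one source
(classic brute force) and one source cycling through many usernames (reverse
brute force). Added example; the log format, thresholds and function names are
assumptions, not from the article or any real product."""
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<result>OK|FAIL) user=(?P<user>\S+) src=(?P<src>\S+)$")

# Constructed sample log: one account hammered from 203.0.113.5, one source
# trying a single guess against many accounts, and one ordinary typo from grace.
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:02 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:03 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:04 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:05 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:06 FAIL user=alice src=203.0.113.5
2024-05-01T10:00:07 OK user=alice src=203.0.113.5
2024-05-01T10:01:00 FAIL user=bob src=198.51.100.9
2024-05-01T10:01:01 FAIL user=carol src=198.51.100.9
2024-05-01T10:01:02 FAIL user=dave src=198.51.100.9
2024-05-01T10:01:03 FAIL user=erin src=198.51.100.9
2024-05-01T10:01:04 FAIL user=frank src=198.51.100.9
2024-05-01T10:02:00 FAIL user=grace src=192.0.2.77
2024-05-01T10:02:05 OK user=grace src=192.0.2.77
this line is garbage and must be skipped
"""


def parse_log(text: str) -> list:
    """Parse lines into dicts; malformed lines are skipped rather than crashing the job."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def find_brute_force(events, threshold=5) -> set:
    """(src, user) pairs with at least `threshold` failed logins in total."""
    fails = defaultdict(int)
    for e in events:
        if e["result"] == "FAIL":
            fails[(e["src"], e["user"])] += 1
    return {k for k, n in fails.items() if n >= threshold}


def find_reverse_brute_force(events, min_users=5) -> set:
    """Sources whose failures span at least `min_users` distinct usernames:
    one password tried against many accounts, as the text describes."""
    users = defaultdict(set)
    for e in events:
        if e["result"] == "FAIL":
            users[e["src"]].add(e["user"])
    return {src for src, u in users.items() if len(u) >= min_users}


def successes_after_failures(events, threshold=5) -> list:
    """(src, user) whose successful login followed a run of `threshold`+ failures:
    the highest-priority signal, since the guessing apparently worked."""
    streak = defaultdict(int)
    hits = []
    for e in events:
        key = (e["src"], e["user"])
        if e["result"] == "FAIL":
            streak[key] += 1
        else:
            if streak[key] >= threshold:
                hits.append(key)
            streak[key] = 0
    return hits


if __name__ == "__main__":
    ev = parse_log(SAMPLE_LOG)
    print("brute force:", find_brute_force(ev))
    print("reverse brute force:", find_reverse_brute_force(ev))
    print("success after burst:", successes_after_failures(ev))
```

The per-(source, user) counter catches the classic case and the per-source set of distinct usernames catches the reverse case; a single failure from grace trips neither, which is the point of choosing thresholds above ordinary typo rates.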
Rainbow table attacks
Rainbow table attacks refer to where the hacker uses known password combinations to determine the hash. A password is stored as a hash value, produced by a one-way function. Unfortunately, without further protection the hash values are the same across databases. Therefore, “Sage101” would have the same hash value in every database, and if you use “Sage101” as your password, the hacker can identify it. A rainbow table is a database built from the hash values of the most common password combinations. All the hacker needs to do is wait until the program matches the hash value of your password against that database.
To defend against such attacks, use multiple random characters in your password to reduce the likelihood of choosing a password whose hash value is already known. Administrators can also implement “salting”, which further scrambles the stored hash value and provides better security. For instance, the hash values for “Sage101” and “sage101” would be similar in a database; after salting, the value for each would be different, which breaks the rainbow table.
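The unsalted-versus-salted behaviour described above, worked through with Python's `hashlib`. This is an added example, not the article's code; `salted_hash`, `verify`, the storage record format and the short list of "common" passwords are assumptions, and a constructed lookup table stands in for a real rainbow table. It goes one step beyond the text by also showing that “Sage101” and “sage101” already hash to different values even unsalted; the salt's job is to make the same password produce different records in different places.

```python
"""Why salting defeats a rainbow table, shown with hashlib. Added example, not the
article's code; the storage format and function names are assumptions. A
constructed lookup table of common passwords stands in for a rainbow table."""
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; a deliberate slow-down against guessing


def unsalted_hash(password: str) -> str:
    """The weak scheme the text describes: same password, same digest, everywhere."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: bytes = None) -> str:
    """Store salt and digest together as 'pbkdf2_sha256$iterations$salt$digest'.
    A fresh random salt per user means equal passwords get unequal records."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(stored: str, password: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def build_lookup_table(common_passwords) -> dict:
    """Constructed stand-in for a rainbow table: unsalted digest -> plaintext."""
    return {unsalted_hash(p): p for p in common_passwords}


def crack_with_table(digest_hex: str, table: dict):
    """Return the password if the digest is in the table, else None."""
    return table.get(digest_hex)


if __name__ == "__main__":
    table = build_lookup_table(["123456", "password", "Sage101", "qwerty"])  # constructed list
    # Two unrelated databases storing the same unsalted password hold the same digest,
    # so one table lookup recovers it from both.
    db_a, db_b = unsalted_hash("Sage101"), unsalted_hash("Sage101")
    print("unsalted identical:", db_a == db_b, "recovered:", crack_with_table(db_a, table))
    # With a per-user salt the two records differ and the table finds nothing,
    # yet verification still works because the salt is stored alongside.
    rec_a, rec_b = salted_hash("Sage101"), salted_hash("Sage101")
    print("salted identical:", rec_a == rec_b,
          "recovered:", crack_with_table(rec_a.split("$")[-1], table),
          "verify:", verify(rec_a, "Sage101"), verify(rec_a, "sage101"))
    # Note: even unsalted, 'Sage101' and 'sage101' already hash to different values;
    # the salt makes the *same* password hash differently per user and per site.
    print("case differs unsalted:", unsalted_hash("Sage101") != unsalted_hash("sage101"))
```

PBKDF2 is used here because it is in the standard library; the salt is what breaks the precomputed table, and the iteration count is a separate defence that makes each guess against a stolen record slower.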
Intercepting the network
Hackers can also steal your passwords by intercepting network traffic, especially on Wi-Fi networks. When you are connected to a network, everything you do online is sent over it as data, and if the hacker knows where to look, finding and stealing the password is easy.
However, this method only works if the network can be intercepted. The problem is that most people assume a network is secure simply because it claims to be encrypted. If the Wi-Fi KRACK attacks and the Dragonblood vulnerabilities have taught us anything, it is that networks are far from secure. The best way to guarantee your security and privacy online is to install a VPN, which encrypts your traffic over the network.
Shoulder surfing
Shoulder surfing is perhaps the most straightforward method of password theft: the hacker simply watches over your shoulder as you type your password. People who stick notes with their passwords on their devices, or save documents listing their passwords, are especially vulnerable to this method. The best defence against shoulder surfing is a password manager. Even so, be careful when logging into sites to make sure no one is secretly watching as you type the password.
Effective password security starts with strengthening your password. Eliminating all the common password mistakes buys you some insurance over the safety of your password, but better methods such as password managers provide stronger protection against password theft. Understanding how hackers steal passwords gives you insight into password vulnerabilities and how to avoid them. More knowledge is always better when it comes to cybersecurity, but remember to keep your information up to date.
Brad Smith is a technology expert at TurnOnVPN, a non-profit promoting a safe, secure, and censor-free internet. He writes about his dream for a free internet and unravels the horror behind big tech.
#TurnOnVPN is a non-profit organization focusing on a free and unimpeded internet for all. We take part in numerous online events, aimed at promoting a safe, secure, and censor-free Internet. Learn more at www.turnonvpn.org/blog/.