It seems like every week, we hear of another security breach at a major organisation, and we've all heard hacking horror stories. A breach at just one company can mean that millions of usernames and passwords are left compromised. It's a worrying fact that many of us reuse the same passwords across multiple accounts. This means that a breach at one site can leave all your other accounts vulnerable. On top of this, many people also have weak passwords, leaving themselves open to hackers. In this post we are going to take a look at some of the ways that passwords can be compromised and how to protect yourself by creating secure passwords.
Common Methods of Attack/How Are Passwords Exposed
- Someone Targets You: Someone you know might want to take a peek into your personal information. The better that someone knows you, the more chance they have of guessing your password.
- Guessing: Some simple social networking can provide some insight into potential passwords. Just think of the amount of personal information that you can find via your Facebook page.
- Phishing & Social Engineering: Tricking you into revealing passwords and usernames, often by contacting you while purporting to be from a trusted source (such as your bank) and requesting personal information.
- Dictionary Attack: Makes guesses from a list of words. The list commonly features the most popular passwords, as well as a list of words found in the dictionary.
- Brute Force Attack: A trial-and-error method of discovering a password. It finds both dictionary and non-dictionary words by working through all possible alphanumeric combinations.
- Security/Data Breaches: Huge companies are often targeted by hackers. A data breach will often result in millions of usernames and passwords being compromised - yours could be one of them.
How to Protect Yourself
Following some pretty simple best practices can help you to keep your accounts safe. Let's go through some of the ways to make yourself less vulnerable to hackers and attacks:
- Avoid common passwords. Hacking software tends to use the most common codes first. Research from hacks and data breaches last year found that "123456" and "password" were the 2 most common passwords.
- Avoid common words in general - this will reduce the success of a dictionary attack.
- Make sure that it's not too short - longer passwords are generally harder to crack. For example, guessing a 15 letter password is bound to be harder than guessing a 4 letter password.
- Avoid personal information. If it can be guessed by someone who knows enough about you, then it's not secure. As mentioned earlier, it's pretty easy to discover personal information just by looking someone up on Facebook.
- Use different passwords for each account. If you are using the same password everywhere, all it takes is one data breach, or for a hacker to crack one password, to compromise your entire online presence.
- Change your passwords, but never repeat them. Many accounts (especially work ones) will request that you regularly change your password. If there has been a breach, then this should keep your accounts safe.
- You could use a passphrase instead of a password. Adding misspellings and special characters will also help to strengthen it.
- If memorability is important to you, you could take a memorable sentence and turn this into a string of characters. Adding lower case, upper case, special characters and numbers will also create a stronger password.
- Use a password manager. This will take the strain off of trying to remember all of your passwords.
Here at Freeola, we have taken steps to ensure that your MyFreeola password is nice and strong. We have implemented a strength indicator, which scores your password strength from 0 to 4. If you already have a MyFreeola account with a weak password, we will notify you about how you can change this.
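To show how the rules above can combine into a 0-4 score, here is an added Python illustration; it is not Freeola's indicator or code from this post. The word lists are small constructed samples, and the function names, bit thresholds and score caps are assumptions.

```python
import math

# Constructed sample lists (assumption): a real check would load a large
# breached-password list and a full dictionary.
COMMON_PASSWORDS = {"123456", "password"}   # the two named in the post
DICTIONARY_WORDS = {"dragon", "monkey", "sunshine", "football"}
BIT_THRESHOLDS = (28, 36, 60, 80)           # assumed cut-offs for scores 1..4


def brute_force_bits(password):
    """log2 of the number of guesses an exhaustive search would need."""
    alphabet = 0
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(not c.isalnum() for c in password):
        alphabet += 32                      # printable ASCII symbols
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def score_password(password, personal_info=()):
    """Return (score 0-4, reasons) using the rules listed in the post."""
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        return 0, ["common password"]

    score = sum(brute_force_bits(password) >= t for t in BIT_THRESHOLDS)
    reasons = []

    # Dictionary attack: decorations like "1!" do not hide the base word.
    letters_only = "".join(c for c in lowered if c.isalpha())
    if letters_only in DICTIONARY_WORDS:
        score = min(score, 1)
        reasons.append("dictionary word")

    # Guessing: anything findable on a social profile caps the score.
    for item in personal_info:
        if len(item) >= 3 and item.lower() in lowered:
            score = min(score, 1)
            reasons.append("contains personal information")
            break

    if score < 3 and not reasons:
        reasons.append("too short for its character set")
    return score, reasons
```

A 4-letter lowercase password scores 0 here while a random 15-letter one scores 3, and a decorated dictionary word such as "Dragon1!" is capped at 1 despite mixing character types.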
Following some of the best practices above should help to keep your accounts secure. Obviously there are elements that are out of your control (such as a data breach) and attacks that are so sophisticated that there is little that you can do to prevent them. This highlights how important it really is to have separate passwords for all accounts.
Password managers seem to be a great way to pick up where our memory fails. We'll be taking a deeper look into password managers in our next password security blog post.
Move on to Password Security #2 - Password Managers.