Need for Strong Passwords

 

Passwords are a big issue for most of us. We are supposed to have strong passwords for every site that we visit, for email, for our laptop and for our work.

Not only strong but different for each website and login we use.

Weakest Link

The reality is that for most of us our passwords are the weakest links in our personal security chain and consequently our poor password hygiene is our biggest security risk.

Insecure Websites

The main risk comes from visiting a website that has been hacked. You register on the site and your username and password are stored. Unfortunately, the security on that site might be poor and may result in your credentials being stolen when the site is hacked. There are millions of websites being hacked daily.

Bigger companies might have better security because they can afford the high price of protection, but there are no guarantees.

Security is a “No Return” investment for many

The problem is that companies are always looking for a return on investments and they see security as being a “No Return” investment, despite the probability of losing their reputation. Most smaller companies may not even have an employee responsible for and skilled in security issues. They perceive that they cannot afford the expense of a specialised Security Officer.

Total Attacks

Most of us are totally unaware of the level of attacks that our own websites are subject to daily.

Total Attacks Blocked

The graphs above show the number of attacks blocked by a piece of software I use, up to 6,500,000 in a 24 hr period and 160,000,000 in a 30 day period.

I used to work for a company that was heavily involved in US defence. The security officer advised me that they were subject to millions of attacks every day.

See the Attacks In Real-Time

For a real-time view of the attacks that are going on right now, take a look at Kaspersky’s Real-Time Cybersecurity Threat Map.

 


 

Has my Email address been Stolen

The most frequent username we use to register on a website is our email address. You can check to see if any of your email addresses have been compromised.

Go to: “haveibeenpwned.com”

Enter your email address and check to see if it has been accessed and published on the Dark web.

So I enter one of my emails onto “haveibeenpwned.com” and up comes the message:

 

Below the message was a list of companies that had been hacked and from which my email address had been stolen because the company concerned could not be bothered to secure my credentials securely.

Many of the hacks were old but some were more recent.

On the same website, you can also check for passwords and websites that you own or use to see if they have been hacked.

The Dark Web

The Dark Web is one place where hackers will list your stolen credentials for sale to other hackers.

If you want to know more about the Dark web, just look at Wikipedia:

https://en.wikipedia.org/wiki/Dark_web

I would guess that most of us want to keep away from the Dark Web; accessing it alone could present a risk.

 

How We Hand Out 50% Of Our Personal Information To Hackers On A Plate

Now think about it.

The credentials we use to get into most of our accounts consist of our username and password. And what is our typical username? It is our email address. So, if our username, that is, our email address, is out there in the wild, hackers have at least 50% of the information they need to gain access to our personal information.

I say at least because with that information they can search for publicly available information such as your date of birth, and even more personal information on social media sites.

Using this information, they can use automated scripts to fill in the blanks.

 

The Ways Hackers Can Get Our Personal Information Are Legion And Increasing.

Phishing attacks happen when an attacker disguises themselves as a trusted friend or organisation (Telecoms or the Tax Authorities, Amazon etc, etc, etc and increasingly etc) and persuades the victim into opening an email, instant message, or text message, or into revealing more and more information.

This is why passwords should always be encrypted or hashed; if not, they can be read as they are transmitted over the internet. Encryption protects the password on its way to the site; hashing protects it where the site stores it. Consequently, always be wary of “http://” websites and make sure you only use “https://”. The “s” is for secure and means that the transmission is encrypted. Google has been very active in pushing for this security level, but the “http://” sites are still out there.

Then there are keyloggers, which are small bits of software that are downloaded onto your computer, track all your keystrokes and send them back to the hacker. This software may come from compromised websites.

Once they have your email, getting your password might be easy. Many people use their dog’s name as a password or a birthday, then publish the dog’s name or birthday on Social media.

There are pieces of software that can crack your password. They run thousands of combinations from “dictionaries” in hours and then publish those that work. Bear in mind that humans only use between 20,000 and 30,000 words in total.

So it is not a big deal for a computer to run many combinations on that number.
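The two weaknesses described above, passwords built on a dictionary word and passwords built on facts published on social media, can be tested for before a password is accepted. This is an added example, not code from this post: the word list, the personal facts and all function names are constructed, and a real check would use a much larger word list.

```python
import re

# Constructed sample data: a tiny stand-in for a real word list, plus facts
# a person might have posted on social media (hypothetical values).
WORDLIST = {"password", "dragon", "sunshine", "monkey", "football"}
PUBLIC_FACTS = {"pet_name": "Rex", "birthday": "1984-07-12"}  # YYYY-MM-DD

# Common character swaps that do not make a dictionary word any safer:
# 0->o 1->l 3->e 4->a 5->s 7->t @->a $->s !->i
UNLEET = str.maketrans("013457@$!", "oleastasi")


def candidates(password):
    """Reduce a password to the plain word it may be built on."""
    low = password.lower()

    def trim(text):
        # Drop digits and symbols stuck on the front or the end.
        return re.sub(r"^[\d\W_]+|[\d\W_]+$", "", text)

    # Try both orders: trim then undo swaps, and undo swaps then trim.
    return {trim(low).translate(UNLEET), trim(low.translate(UNLEET))}


def weak_reasons(password, facts=PUBLIC_FACTS, wordlist=WORDLIST):
    """Return the reasons a password is easy to guess (empty list = none found)."""
    reasons = []
    for word in sorted(candidates(password) & wordlist):
        reasons.append("dictionary word: " + word)
    if facts["pet_name"].lower() in password.lower():
        reasons.append("contains pet name")
    year, month, day = facts["birthday"].split("-")
    digits = re.sub(r"\D", "", password)
    if any(token in digits for token in (year, day + month, month + day)):
        reasons.append("contains birthday")
    return reasons


if __name__ == "__main__":
    for sample in ("P@ssw0rd123", "Rex1207", "vT9#qLw2!xZr7&Kd"):
        print(sample, weak_reasons(sample))
```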

 

It is a scary world.


Ash