Everybody wants to be sure their data, especially their personal data, is secure. One of the most common methods to secure data is to set up a password, for example on mobile and other devices. Data on sites such as Facebook and LinkedIn is also password protected. We rarely consider the data we save to all our devices and sites, and many people presume that a password is enough to protect it.
Unfortunately, nothing could be further from the truth. Passwords are an excellent method to secure everyday data. But hackers can crack a password quite easily. This is due to a few technical vulnerabilities, and also due to user ignorance.
Despite all the guidelines relating to safe passwords, users still prefer the easiest solutions. They find it inconvenient to remember a different password for every application, and decide to use the same password across various applications and devices. Users often choose a password that is easy for them to remember, which means they select existing words or simple numerical sequences. “123456” and “qwerty” are still two of the most common passwords. Hackers will crack such passwords in mere seconds. If you also use the same password over and over again, hackers have hit the jackpot, because this means access to other data sources is also granted and can be used to search for even more information. For example, when hackers gain access to your email account, they can easily request new passwords for different accounts by clicking on “forgot password”. In short, several mistakes in the way people manage their passwords make it easier for hackers to gain access.
Users tend to:
- Choose a simple password
- Use one password over and over again
- Change their password too rarely
How do hackers discover your password?
Hackers can access your password in several different ways.
The following are the four most common methods:
- By guessing: Many passwords consist of easy-to-remember combinations of words and numbers, such as a date of birth, a first name, or the names of children or partners combined with a symbol or number. For example, if an employee’s name is Sebastian and the password requirement is at least 8 characters including numbers, letters, and symbols, all too often the password will be Sebastian01!, Sebastian-01, etc. Most hackers know this. In addition to the usual suspects such as Welcome-01, they will try these passwords.
- Social engineering: Why bother guessing, if you can simply ask? By using fake emails, websites and phone calls, login information can be discovered. People are often less alert when they are online, and more inclined to provide information or download software that can help hackers access their passwords.
- Dictionary attack: With this method, a very large existing list of words is compared to the user password. As soon as a match is found, the password has been discovered. This happens extremely quickly, and if the password is nothing more than an existing dictionary word, it is cracked within seconds.
- Brute force: If the methods described above do not lead to the desired results, brute force is the next option. This is a fairly intense way to crack passwords and requires a great deal of time and computing power. Brute force tries every combination of letters, numbers, and symbols to discover a password. This method is normally only used for relatively short passwords with six or fewer characters, because longer passwords simply take too much time. But a solution has been discovered for this problem. In order to reduce the amount of time needed, Rainbow Tables are used. A Rainbow Table is a table containing many possible passwords and their hashes (fixed-length values computed from the password). This table is used to test the security of passwords or to crack them. The method is many times faster than the brute force method, in which the password hashes still need to be calculated. It is very time-consuming to set up a Rainbow Table, but the advantage is that it can be used many times over.
As far as passwords go, size does matter. The longer, the better. With every additional character a password has, the time needed to crack it becomes exponentially greater. Unfortunately, this also means the password becomes more difficult to remember, which means the password will most likely be written down somewhere. A good alternative is the password phrase, made up of many characters but still easy to remember.
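The guessing patterns, the dictionary check and the length argument described above can be enforced when a user chooses a password. The following Python sketch is an added example, not part of the original article; the word lists are small constructed samples and all function names are hypothetical.

```python
import math
import re
import string

# Constructed sample lists; a real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"123456", "qwerty", "welcome", "password"}
DICTIONARY_WORDS = {"welcome", "summer", "dragon", "sunshine"}


def base_word(password: str) -> str:
    """Lower-case the password and strip the digits/symbols users prepend or append."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", password.lower())


def search_space_bits(password: str) -> float:
    """Upper bound on brute-force effort in bits: length * log2(character pool).
    It says nothing about guessing or dictionary attacks, which screen_password covers."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation or c == " " for c in password):
        pool += 33  # 32 ASCII punctuation characters plus the space
    return len(password) * math.log2(pool) if pool else 0.0


def screen_password(password: str, personal_words=()) -> list:
    """Return the reasons a password should be rejected (empty list = accepted)."""
    reasons = []
    core = base_word(password)
    if password.lower() in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        reasons.append("common password")
    if core in DICTIONARY_WORDS:
        reasons.append("dictionary word")
    if core and core in {w.lower() for w in personal_words}:
        reasons.append("personal information")
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    return reasons


if __name__ == "__main__":
    for pw in ("Sebastian01!", "Welcome-01", "correct horse battery staple"):
        print(pw, screen_password(pw, ["Sebastian"]), round(search_space_bits(pw), 1))
```

Sebastian01! satisfies the length and character-class requirement yet is rejected here, because the check looks at the word underneath the appended digits and symbol.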