That might have been the way things were, but not today. Today, a 13-year-old kid with access to the internet can easily get password cracking tools on the dark web and, in a few minutes, start picking at your supposedly strongest passwords. To make matters worse, these password crackers are not expensive at all.
Taking Steps Towards Password Protection
Now that you know it is not only smart computer scientists from MIT or Harvard who are after your data, you might also want to toughen up the security behind your passwords in the first place.
The first step is understanding what you are up against. After all, how do you expect to protect yourself against threats you didn’t even know about?
That is why we will start with some of the most common approaches taken by these password cracking tools. Only then can you know what measures to put in place to curb them.
Shall we?
Common Password Cracking Techniques
Looking at all the massive data breaches over time, here are the top all-time password hacking practices in use right now – and they have been ruling the game for a long time too:
1. Dictionary Attack
The dictionary attack usually comes with a great success rate, so it is no surprise that it is the first place a hacker would look if they were trying to find out your password.
The dictionary – a good one, at least – will contain all the words in a certain language. Likewise, there is a high chance your password contains a word, or a string of words, that could be found in a language too. After all, there is little chance a user would pick a word which does not have a dictionary root somewhere.
Knowing this, hackers will take a dictionary file and feed it to a program which runs through every possible word combination to see which one you have used as your password.
Interestingly, it doesn’t even matter if your password is a very long phrase. While that will surely increase the time it takes the computer to arrive at your password, it doesn’t prevent the password itself from being cracked.
2. Rainbow Table Attack
For proper password security, most platforms (websites, apps and other accounts you need a password for) do not store your password as plain text. When you set a password on these platforms, the computer generates a unique string of characters, called a hash, to represent the password.
By doing so, the computer can store a record of your password on its servers without actually storing the password itself.
The benefit of this is that the hash itself cannot be used to log in to your account. After all, it only stands for the password and is not the password itself. Likewise, the hash bears no resemblance to the original password, since it is a random-looking string of characters. Finally, a hash doesn’t reveal the length of your password – meaning you can have a 100-character hash for an 8-character password.
Unfortunately, hackers have upped their game too. With the aid of something called a rainbow table – a precomputed table of hashes and the passwords that produce them – hackers can effectively reverse the hash and reveal the actual password behind it.
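To make the defence against this concrete, here is an added Python example (not code from the original post) that builds a tiny lookup table of unsalted SHA-256 digests for a handful of constructed candidate passwords, shows that an unsalted hash of a common password is found instantly, and then shows that a per-user random salt plus a slow hash (PBKDF2-HMAC-SHA256 from the standard library) gives two users with the same password different stored values, so no single precomputed table can cover them. The candidate list, the iteration count and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample: a miniature lookup table of unsalted SHA-256 digests.
# A real precomputed table holds millions of entries; the principle is the same.
CANDIDATES = ["password", "letmein", "qwerty", "P@ssw0rd"]

# Assumed work factor; real deployments tune this to their hardware.
ITERATIONS = 200_000


def build_lookup(candidates):
    """Map unsalted SHA-256 hex digest -> plaintext for every candidate."""
    return {hashlib.sha256(c.encode()).hexdigest(): c for c in candidates}


def lookup_unsalted(stored_hex, table):
    """Recover the plaintext behind an unsalted hash if it appears in the table."""
    return table.get(stored_hex)


def hash_with_salt(password, salt=None, iterations=ITERATIONS):
    """Salted, deliberately slow hash. Returns (salt, digest); both are stored."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest


def verify_with_salt(password, salt, digest, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def demo():
    table = build_lookup(CANDIDATES)

    # An unsalted hash of a common password is found with one dictionary lookup.
    stored = hashlib.sha256(b"P@ssw0rd").hexdigest()
    unsalted_hit = lookup_unsalted(stored, table)  # "P@ssw0rd"

    # With per-user salts, two users sharing a password get different digests,
    # so a table built for one of them is useless against the other.
    salt_a, dig_a = hash_with_salt("P@ssw0rd")
    salt_b, dig_b = hash_with_salt("P@ssw0rd")
    return {
        "unsalted_hit": unsalted_hit,
        "salted_hashes_differ": dig_a != dig_b,
        "verify_ok": verify_with_salt("P@ssw0rd", salt_a, dig_a),
        "verify_wrong": verify_with_salt("Password", salt_a, dig_a),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The salt does not need to be secret; its job is to make every stored hash unique so that precomputation has to be repeated per user, and the iteration count makes each of those recomputations expensive.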
3. Brute Force
This is probably one of the most common attacks that you hear about.
Imagine getting access to a friend’s phone and seeing that they have a passcode enabled. Knowing your friend, you can try multiple passcode combinations on their phone to see if any of them works. What you are doing, although on a smaller scale, is launching a brute force attack on your friend.
There are 26 letters, ten digits (0 through 9) and millions of words in the English language alone. That would make it impossible for even a sophisticated hacker to try out all possible combinations by hand. With the aid of an extensive setup of great computer horsepower, though, they can run through thousands of combinations in mere minutes.
That is why this attack is limited to professional hackers, due to the time and resources it requires for proper execution.
4. Man in the middle attack
Perhaps one of the lesser-known hacking attempts out there is the man in the middle attack.
These days, public Wi-Fi networks have become a thing. They can be found almost everywhere you turn – the park where you are just having some fun, your early morning coffee shop, the airport, and so on. In fact, if you were to leave your Wi-Fi turned on and jog through a couple of blocks, your phone would have connected to tens of public Wi-Fi networks in that time.
Hackers know that people love these networks because they can download or upload anything they like without the fear of incurring data costs. However, these hackers will not be left out of the fun either.
Due to the unencrypted nature of public Wi-Fi networks, it is very possible for these hackers to hijack your internet traffic and see everything you are doing on the network.
This means they get to intercept your messages (from which they can steal sensitive information or even impersonate you), see all the websites you are visiting (even if it is your private bank account), steal your credit card details (if you were shopping online) and so much more.
5. Phishing
A recent report by Retruster concludes that phishing attempts are still one of the most prevalent modes of hacking – and they still work at an alarmingly high rate. This is surprising, given that they have been around for a very long time and should have been found out by many users before now.
Simply put, these attacks start off with a hacker sending the potential victim an email. This email is usually formatted as coming from a legitimate institution or individual, and contains one or more links.
Each link leads to a lookalike website (usually a financial website or any other website you normally use) which the hacker has created to fool such a user.
Unsuspecting victims will type their login details into such sites and the hackers can harvest all of that data in real time. There is no difference between that and actually mailing your login information to the hacker yourself.
6. Hidden malware
Hackers know that they can plant a hidden virus on your computer as their listening device. Unlike what you know about most viruses, this one doesn’t shut down your computer or start infecting your files. Sometimes, it lies dormant and out of your sight while collecting valuable data from your computer over time.
How is this attack propagated? Simple!
The hacker creates a seemingly legitimate piece of software or program and pushes it to end users. Once you download such software onto your device, the virus becomes active. You would not know anything is amiss either, since the app will work just as it is expected to.
In fact, some of these apps may even get updates like your normal applications would. There is surely no way you would guess anything was amiss.
7. Hybrid attack
Remember the dictionary attack from above? Many users (who don’t even know about such attacks) try to make things harder for hackers by employing character substitutions. That is where you would see passwords like:
● ‘P@ssw0rd’ instead of ‘Password’
● ‘Cl1ntM3gan’ instead of ‘ClintMegan’, and so much more.
This looks like the password has been created with a mix of uppercase and lowercase characters as well as symbols – which is what most websites would tell you is the ideal password security practice.
Unfortunately, a hybrid attack eats up such passwords for breakfast.
Combining dictionary words with special characters, the hybrid attack tries all the possible ways users could have substituted characters in their passwords. We don’t need to tell you that, again, it is only a matter of time before the password gets found out.
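The dictionary, brute force and hybrid sections above all come down to one question a defender can ask before accepting a new password: does it still have a dictionary root once common substitutions are undone, and how large is the character space a brute-force search would have to cover? The added Python example below (not the post’s own code) implements that check. The miniature wordlist, the substitution map and the 60-bit threshold are constructed assumptions for the illustration; a real deployment would load a full dictionary and a breached-password list.

```python
import math
import string

# Constructed miniature wordlist. A real check loads a large dictionary file
# plus lists of passwords seen in breaches.
WORDLIST = {"password", "welcome", "dragon", "letmein", "clint", "megan", "summer"}

# Substitutions a hybrid attack tries; here they are undone (symbol -> letter).
SUBSTITUTIONS = {"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                 "0": "o", "$": "s", "5": "s", "7": "t"}

# Assumed minimum brute-force keyspace, in bits, for a password to pass.
MIN_BITS = 60


def normalize(password):
    """Undo common substitutions and case, so 'P@ssw0rd' becomes 'password'."""
    return "".join(SUBSTITUTIONS.get(ch, ch) for ch in password).lower()


def dictionary_words_in(password, wordlist=WORDLIST):
    """Dictionary words that survive as substrings of the normalized password."""
    norm = normalize(password)
    return sorted(word for word in wordlist if word in norm)


def charset_size(password):
    """Size of the smallest standard character set that contains the password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 printable ASCII symbols
    return size


def brute_force_bits(password):
    """log2 of the keyspace a naive brute-force search must cover: length * log2(charset)."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def assess(password):
    """Combine the dictionary/hybrid check with the brute-force keyspace estimate."""
    words = dictionary_words_in(password)
    bits = brute_force_bits(password)
    if words:
        verdict = "weak: dictionary root(s) " + ",".join(words)
    elif bits < MIN_BITS:
        verdict = "weak: small brute-force keyspace"
    else:
        verdict = "ok"
    return {"words": words, "bits": round(bits, 1), "verdict": verdict}


if __name__ == "__main__":
    for candidate in ["P@ssw0rd", "Cl1ntM3gan", "summer", "xT9#qLm2vB!e"]:
        print(candidate, assess(candidate))
```

The keyspace estimate is an upper bound on what an attacker must search; the dictionary check shows why that bound is meaningless for ‘P@ssw0rd’, which has the same 94-character class mix as a random 8-character string but collapses to a single dictionary word.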
Keeping Yourself Protected
With everything you now know about how password hacking works, it is almost as if there is no stopping it from happening.
We have bad news for you: you are right – there is no stopping password hacking attempts from happening. Even big brands like Yahoo have suffered not a partial breach, but a total breach of all the accounts they had at their disposal.
What you can do, though, is ensure the hack is not successful. Fortunately, you don’t have to employ a security company or spend thousands of dollars to get that done.
The simple tips below will get you there in no time:
● Use unique passwords – Sometimes, no matter how hard you try, hackers can get hold of one of your accounts. In this case, you want to make sure the damage is not more extensive than it already is. That is why you should always use a unique password for each and every one of your accounts. Make sure no two accounts use variants of the same password (for example, you should not use ‘July2016’ for one account and ‘September2016’ for another) so that the rest don’t get found out.
● Generate strong passwords online – The human mind is usually very predictable, so we recommend not trusting yourself to come up with your own passwords. Fortunately, there are sites that generate a strong password online every time you request one, and for free too. Don’t even think about trying to memorize the passwords these tools generate for you, given their complexity and randomness. Since you would need many such passwords for all of your accounts, that brings us to the next point.
● Get a password manager – There is absolutely no way you would remember all the passwords for all your accounts if they are truly random and unique. So, get a password manager to store all your passwords securely. Whenever you need to log in to an account, simply retrieve the appropriate password from the password manager.
● Turn on 2FA – No two 2FA schemes are the same, but they serve the same purpose. After going through the hassle of setting a strong password and making it as unique as possible, there is a small chance that a hacker still tries and gets the password. When 2FA is enabled, though, such a password becomes useless to them. After all, they would now need your other form of authentication before they are granted access at all.
● Use a VPN – Public Wi-Fi networks are inherently unsafe, and not only because they leave you prone to man-in-the-middle attacks. If you would like to keep enjoying the goodies they bring on board, you might want to consider using a VPN to secure your connection whenever you are on one. A VPN tunnels your internet traffic in such a way that only the source (you) and the target server (the platform – either an app or a website – you are reaching on the network) can see the data you are transmitting.
Final Words
It should probably be noted that there is no such thing as a password which can never be cracked. With a combination of the password hacking techniques above, a supercomputer can get into just about any account it is dedicated to.
The only difference is that some accounts can be hacked in mere seconds while others will take several years of non-stop hacking to get into. Which would you rather yours be?