2022's best place for Cybersecurity Insights and Advice for Everyone

#1 - Signup to our list and get regular insights and advice on how to be cyber safe.

By entering your email address you agree to receive emails from EveryDayCyber. We'll respect your privacy and you can unsubscribe at any time.

Lock the Door. Bad Passwords: The Greatest Threats to Password Security

by Cyberguy | Last Updated | January 27, 2022
CyberSecurity - Consumer|CyberSecurity - SMB

Lock the door. Bad passwords, the greatest threat to password security - Digital Access

Have you noticed that you can’t move an inch without an internet connection? Think smart phones, smart fridges, smart cars. Almost everything we interact with now connects us to something, someone, somewhere.

It won’t be long before we all have to sign up to washmenow.com to wash our clothes. Think about it. Soon, your washing machine won’t work unless it can talk to the cloud. You’ll need an account on washmenow.com just to wash your underwear.

You need online accounts for everything. All these accounts need login credentials – typically a username and password. Guess what a hacker uses to steal our identity, our data, and our money – common passwords.

Your kingdom for bad passwords

Bad passwords are the worst cyber security mistakes. But individuals and businesses continue to use them every day. They are a major security vulnerability hacker groups can exploit.

Threat actors are always after your devices and systems. They can easily break bad passwords and use them to cause havoc and steal your data. If you don’t want to get hacked, use complex passwords.

Using the same passwords for your email, bank account, and all other accounts is risky. It increases the chance of unauthorized access to your bank account to steal your money. Passwords leaked in data breaches are even more deadly.

The Shocking Stats

Are you familiar with “qwerty”? Studies show some mind-blowing statistics about the worst passwords. They are usually the most common passwords. And they inflict chaos and leave a negative effect on our digital lives.

SMB Password Statistics

#2 So here we are at the middle of the post. We still think it's a good idea to signup.

By entering your email address you agree to receive emails from EveryDayCyber. We'll respect your privacy and you can unsubscribe at any time.

How did they get my password?

Password robbers are an ingenious group. They use various methods, techniques, and strategies to get their victims’ passwords. They are also interested in login credentials (usernames, passwords, pins, etc.).

The bad guys steal your password through password cracking, dictionary attacks, and phishing

Password Cracking

Password cracking refers to the various methods used for discovering passwords. Password thieves steal passwords stored in or transported from a computer system. Hackers repeatedly guess the password until the password is discovered. They use a computer algorithm that tries all possible combinations.

The most malicious reason for stealing passwords is to hack computers. Cyber crooks intend to use them for fraudulent activities without the owners’ awareness.

Here are two techniques cyber criminals use to do password cracking:

1. Brute force attack

A brute force attack uses excessively forceful attempts to break passwords. It uses the trial and error technique. Cyber criminals use powerful computers to test a wide range of password combinations.

Attackers try all possible combinations of characters until they guess the correct mix. They automate the process with clusters of computers to achieve their goal faster. Powerful computers can try 300 billion+ guesses a second. So passwords under 12 characters don’t stand much of a chance.

Password brute force attack

2. Dictionary attack

A dictionary attack is like what it sounds. Password crackers look for common words and phrases. They can also try to search for old passwords for future attacks.

Password dictionary attack

Phishing and social engineering

“Your bank account is locked, please change your password.” This is a common tricky message. It’s social engineering at its best. It uses fear, urgency, or threats to trick people into providing their passwords.

Phishing is also one of the most successful ways of stealing passwords. So it’s not surprising it occurs a ton. Phishing can occur through texts (smishing) and voice calls (vishing). But the most common is through emails.

Phishers use all types of emotional and stress-inducing methods. Their aim is to intimidate, convince and con you into taking actions you shouldn’t.

In many instances, they induce you to click a link that will take you to a fake site they have impersonated. While there, you’re asked to provide your password or other credentials. Once you do that, they will capture your credentials for future attacks.

Password credential stuffing process

Types of password hackers

There are three types of password burglars in password cyber crime. They are the password crackers, password sellers, and password users. A cyber criminal can be one, two, or all three of these types of hackers.

Password crackers

These are the bad actors that use various methods to break and steal passwords. They do their task with the methods we discussed earlier. They build inventories of stolen or hacked passwords and credentials. Then they sell them to password wholesalers.

Password wholesalers

These guys are the middlemen in password cyber crime. They create online markets on the dark web and act as a reseller to other cyber criminals. They buy stolen credentials by the boat load and sell them to the highest bidder. They create online dark web e-commerce sites to transact anonymous deals.

Password buyers

These criminals are the ones purchasing and using the stolen credentials. They could be individual bad actors or organized syndicates of cyber criminals. They greed for the worst passwords leaked to the online world to launch all kinds of cyber attacks.

These password criminals form the ecosystem for acquiring and using stolen credentials. It starts with the password crackers. They focus on stealing or cracking credentials, primarily passwords.

The password buyers next come into the picture. The easiest method to build a database of passwords and login credentials is to buy them. Then the password users use the stolen credentials to launch cyber attacks.

Weak passwords are bad, strong passwords are good, multi-factor protection is great

Lots of bad password practices are going around. Many users are failing at good password and login credential management. The exponential increase in cyber crime makes now, more than ever, the time to up your password game.

In today’s connected world, we all need digital accounts. We need them for the websites we visit, online services, email, and the list goes on. With so many accounts, managing login credentials becomes daunting.

We get lazy about our passwords. We use short, simple, and the most common passwords on multiple accounts. Cyber criminals love this because it makes their lives so much easier.

Remember the stats. It takes 10 minutes to hack a 6-character password. Within a couple of hours or less, criminals are able to crack an 8-character password. They use powerful computing power to breach even 12-character passwords. So make sure to create unique passwords with random alphanumeric and special characters.

How long it takes to crack your password

How to achieve password security

We have a battle on our hands, but there are ways to defend ourselves. Here are the top six steps you should take for better password security.

1. Make your passwords 17 characters or longer

Longer passwords are much harder for cyber criminals to guess. Cyber crackers use clusters of computers for more speedy cracking. So if your passwords are short, they’re in for easy cracking.

2. Use random letters, numbers, special characters, or words

Common passwords are easy to break. Hackers are great at spotting and recognizing patterns, so avoid using them. Use a combination of random lowercase and uppercase letters, numbers, and special characters.

3. Consider using passphrases instead of passwords

Passphrases are a collection of common words combined randomly in a memorable phrase. A 7-word passphrase would take one (1) octillion (1+27 zeros) attempts to break.

4. Do not reuse passwords

Cyber criminals love users who recycle or reuse passwords on multiple sites. Once they crack one of your passwords, they can use this on all your accounts. Once one account is cracked, all of your accounts are cracked. So never ever give in to password reuse.

5. Always use multi-factor authentication (MFA) if it is available

Two-factor authentication (2FA) is currently the most popular. A Microsoft study found that enabling 2FA blocked 99.9% of automated attacks. 2FA forces you to provide two proofs of identity when connecting to a secure service. Multi-factor authentication is an even more secure option. It requires you to provide three or more authentication categories.

6. Use a password manager

A password manager creates unique passwords with its random password generator. It automatically creates strong passwords and stores them in a safe vault. It also works on almost every device and improves its security.

Our final thoughts. Strong, unique, and complex passwords make your accounts secure. Remember the worst passwords give you the worst digital nightmares

#3 You really should sign up. "Scouts Promise" ... it really will help you stay cyber safe.

By entering your email address you agree to receive emails from EveryDayCyber. We'll respect your privacy and you can unsubscribe at any time.