
Passwords – Hashes to Ashes

This is the fourth part of the blog series on cyber security, continuing from the third part on Scareware, RogueAV and Ransomware. It focusses on the dangers of choosing weak passwords and the consequences of recycling the same password across different online accounts, and offers a few tips on how to determine a suitably strong password.

In today’s digital age, people’s lives seem to revolve around passwords.  Passwords to online portals play an important role in securing access to a user’s online information, whether financial, professional or personal. Hence, users are perennially advised to always secure their accounts with strong passwords.

Many online portals alert users about inadequate password strength when setting up the login credentials for a user account. Some online portals may even enforce a strong password before the account is set up. Users must consider password depth when deciding on an account’s password, so that it cannot be hacked easily.

From a security perspective, using the same password for a user’s multiple accounts is dangerous, both for personal accounts and in a professional environment. In this case a hacker needs to hack only one account to obtain the credentials that give access to the victim’s other accounts and the sensitive information held therein.

Users should beware the consequences of using weak passwords. Here are a few of the general mistakes which lead to coining weak passwords:

  • Passwords which have been used previously
  • A user’s friend’s or family member’s name or date of birth
  • Favourite food/place name
  • A user’s own name
  • A single word from a dictionary
  • A common name
  • The username reused as the password
  • Keyboard patterns/swipes, etc., e.g. qwerty
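
The mistakes listed above can be checked automatically when a password is set. The following is an added example, not code from the original post; the word list, the function names and the sample inputs are constructed for illustration.

```python
import re

# Constructed sample data (assumptions, not from the original post).
COMMON_WORDS = {"password", "welcome", "dragon", "pizza", "london", "john", "mary"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_keyboard_run(pw, min_run=4):
    """True if pw contains min_run adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - min_run + 1):
                if seq[i:i + min_run] in low:
                    return True
    return False


def weak_password_reasons(pw, username, personal_terms=(), previous=()):
    """Return which of the listed mistakes this password makes.

    An empty list only means none of these mistakes was found; it does not
    prove the password is strong. `previous` is a plain list here for brevity;
    a real system would compare against stored hashes of earlier passwords.
    """
    reasons = []
    low = pw.lower()
    # Strip digits and punctuation so "Pizza123!" is still treated as "pizza".
    letters = re.sub(r"[^a-z]", "", low)
    if pw in previous:
        reasons.append("used previously")
    if username and username.lower() in low:
        reasons.append("contains the username")
    for term in personal_terms:  # names, dates of birth, favourite places
        if term and term.lower() in low:
            reasons.append("contains personal detail: " + term)
    if letters in COMMON_WORDS:
        reasons.append("single dictionary word or common name")
    if has_keyboard_run(pw):
        reasons.append("keyboard pattern")
    return reasons
```

For instance, `weak_password_reasons("alice1990", "alice", personal_terms=["1990"])` reports both the reused username and the personal detail.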

Hackers usually try to hack an account by first attempting common words as passwords, and then more complicated words formed by combinations. This process, a simple form of “brute-force attack”, need not be done by hand, but is rather automated using hacking tools. Here is an example to show how much time it would take [1] for a hacker to crack a user’s password:

In order to safeguard against these types of attacks, here are a few tips on how to choose and maintain a secure password:

  • Use unique passwords for every account, i.e. never repeat passwords across online accounts
  • Use a long, alphanumeric password with punctuation to match the recommended password strength, e.g. Th!sL00ks5trOng:-)
  • Never leave a login session open or wait for it to time out automatically. Log out/sign out immediately once the work is done
  • Never share your passwords or any account credentials with others
  • Back up login credentials on different devices/media in encrypted format to avoid data loss in the case of lost/stolen devices
  • Use a reputable Password Manager to assist you in managing your passwords

Benefits of using a Password Manager:

  • A Password Manager can generate strong passwords
  • It can save your credentials and auto login/fill-in the next time you visit a known site, provided password security is ensured
  • You don’t have to worry about forgetting passwords

Choose a Password Manager that ensures data security by encrypting the passwords.

References:
1. https://howsecureismypassword.net/

… to part 5: Social networking

Image courtesy of:
commoncraft.com

K7 Threat Control Lab
