The scope of cybercriminal attacks is constantly expanding. To effectively protect your data, you need to know how your user passwords can fall into the wrong hands. How do cybercriminals break our passwords? We present the most common methods developed by Fortinet experts.
A secure password is important. A quarter of Poles do not use any
Phishing – Fake e-mails and SMS messages sent to users of popular services and applications to obtain login information. They urge you to click on a confusingly similar, confusing link to the original website, or open a link and enter your login and password, and sometimes provide other sensitive information.
Dictionary attack – Attackers compile a list of common short words that can be used as a password. They then try to gain access to user accounts using a machine that enters the following elements from a previously created “dictionary”. Hackers also add numbers to words. Note that a “1” at the beginning or end of the password does not make it stronger, and therefore it is difficult to break it.
Cruel force attack – Hackers create random but short lines of a large number of different characters and try to use them as a password to access an account.
picture: mat. press releases
How do cybercriminals break our passwords?
Password spraying – Attackers using this technique try to identify a victim who uses a default or easily guessed password by testing only a few of the most common passwords on multiple user accounts.
Keylogging attack – Criminals install software that records the sequence of keys pressed on a potential victim’s device. The keylogger installer is usually hidden in phishing emails. The lines obtained in this way are sent to hackers, who extract the logins and passwords they are interested in.
Traffic interruption – Cybercriminals use special software to monitor and intercept network traffic, which contains information about passwords. The weaker the traffic encryption algorithms, the easier it is to obtain login information.
How can I create a strong password?
Fortinet experts remind that a good password is a password that is easy for a user to remember, but at the same time difficult to guess by people who know many details about his life. It’s not a good idea to use the name of your first pet or the street where you grew up. Adding numbers and special characters to your password will not make it inviolable. Unfortunately, hackers have their own proven methods.
What to avoid when creating a password
Names of movies and sports teams
Simple words where we replace the letters with special characters (“H4sl0” instead of “Password”, “P @ $$ w0rd” instead of password)
When creating a password, use combinations of uppercase and lowercase letters, numbers, and characters that seem impossible or random. A strong password is also a password that is at least 10 characters long.
Fortinet experts recommend best practices for password management
Never share your password with anyone.
Do not use the same password for different accounts. If it is compromised, cybercriminals will have more access to your personal information.
Change your password every three months. This significantly reduces the chances of criminals accessing your account.
Users are also encouraged to use password managers to automatically generate long, complex passwords for network services. This is just a way to use strong, hard-to-break joints. In addition, thanks to this solution, you only need to remember one “key” of the virtual safe for your passwords.
How can cybercriminals prevent you from breaking your password?
There are a number of ways to protect your data from hackers. It is also important not to limit yourself to just one thing.
Multi-factor authentication – Confirmation of the user’s identity by the login system requires additional verification using a physical token or mobile application. Even if hackers manage to crack the password, they will not be able to complete the login process and thus gain access to the data.
Single entry (SSO) – Allows users to use a secure username and password for multiple company applications.
Cybersecurity training and education – Cyber threats are constantly evolving, so every network user should be aware of the dangers that await him. Therefore, it is worth taking advantage of the free courses available online. This is a key activity that will help you effectively protect your family or business information online.