Internet

Why password theft is the main method to hack you

Deepak GuptaAugust 16, 2022
0

One of the main attacks that cybercriminals carry out is the theft of passwords or credentials. After many years with the main services imposing requirements for new passwords (greater length and complexity), and even imposing two-factor authentication like Google does, the truth is that password theft is still the main attack method to try. hack your account Next, we are going to explain how cybercriminals act and what you can do to avoid it (or make it more difficult for them).

A recent report indicates that more than half of security incidents were caused by credential theft, after this incident, ransomware and DDoS attacks were placed as the second and third most used method by cybercriminals to achieve their goals. Therefore, password attacks are one of the most used to try to hack companies, organizations and also users. The reason is because users do not care about properly managing their credentials, therefore, cybercriminals take advantage of this to attack them.

How they steal passwords to attack

Cyber ​​criminals often exploit web vulnerabilities and in other services to steal the entire database of users and passwords. A good security practice that the vast majority of services use is to store the password hashesIn this way, to obtain the passwords it is necessary to carry out an attack on these hashes, which greatly hinders the possibility of obtaining the keys in plain text.

The hash of a password can be cracked Usually by two methods: brute force (thousands of combinations and permutations of characters are tried to find the password) or dictionary (the main passwords that people put are tested). Cybercriminals often use powerful computers to crack as many passwords as possible, and then try to break into different user services. We must remember that one of the main security recommendations is not to reuse passwords in different services, something fundamental if one of the services that we are using is hacked, because it will not affect all the others that we are using.

Now that you know what cybercriminals do to steal and crack passwords, we are going to explain what you can do to avoid being hacked.

What can I do to avoid being hacked?

If cybercriminals have entered a service and have obtained their passwords, generally what the main services do is reset the passwords to prevent their clients from being affected, however, it is possible that some do not do this so as not to reveal that They have been hacked. For this reason, here are the best recommendations to properly manage access credentials:

  • Use complex passwordsIf possible, you should use a randomly generated password in order to make it harder for password cracking programs to do their job.
  • Use whenever possible the two-step authenticationIn addition, our recommendation is that you use an authenticator application, never use SMS messages because it is not safe to use this. In addition, if you use an authenticating app, it is recommended that it has synchronization in the cloud, with the aim of storing the tokens there, and in case of loss of the terminal, you can continue accessing without any problem.
  • Every 3 months you should change your password of the different services, although today we are using dozens of services simultaneously, it is advisable to change the key regularly in the most important services.
  • Use a password manager where they are all stored, in this way, we will not have the need to use easy-to-remember passwords.

Most famous hackers in history

If you are an administrator of an online service or system administrator, it is recommended that you carry out the following recommendations regarding passwords:

  • Activate the complex password policyboth in length and in the use of different characters.
  • Activate that every 3 months users are forced to change their passwords, for security cuestions. This new password should not be similar to the old key, but rather a completely new one.
  • Do a review of all users, and revoke credentials of those users who are no longer in the company, or who should not have a user.

As you can see, although cybercriminals continue to focus on stealing passwords, cracking them and using stolen user credentials, if we follow some basic recommendations when managing passwords, we will not have intrusion problems.

We have other articles that may interest you:
  1. Keep an eye on your house with these bargains on Wi-Fi cameras
  2. Omnidirectional vs Directional Antenna: How It Affects Wi-Fi
  3. Why do your PLCs (Powerline) at home cut and slow
  4. These security mistakes can lead to your identity being stolen
  5. Your network printer may not be secure, do this to protect it
  6. 3 reasons to change your WiFi card on your computer
Deepak GuptaAugust 16, 2022
0

Related Articles

How to configure Home Assistant to use AVM routers FRITZBox

November 7, 2022

Error 0x80240438 in Windows Defender: what to do to avoid it

August 26, 2021

These types of smart plugs should never be used

April 8, 2023

Have you bought on these websites? Thousands of bank cards have been stolen

December 21, 2021

Leave a Reply

Your email address will not be published. Required fields are marked *