Hackers And Users Combine To Make Passwords Less Secure

Log in screen

Passwords are a constant object of concern for security experts. We’ve used this space previously to talk about the potential weakness of passwords to protect your online accounts. Robert Lemos, of Dark Reading, reports that the habits of users creating easily guessed passwords and an upgrade in hackers’ capabilities for breaking them have made password protection increasingly weak.

When creating passwords, even seemingly strong ones that include upper and lower case letters, numbers and symbols, most users still use similar passwords so they’re more memorable. This use of mnemonics makes passwords predictable.

Hackers have tools capable of brute force password guessing. These programs guess billions of possible password combinations until they’re able to gain access to an account. Some top of the line programs can guess about 1-billion passwords per second.

When a user’s password is predictable because of recurring habits, hackers are able to make intelligent assumptions about what your password will look like. That narrows down their list of possibilities considerably, making their password guessing tools even more effective.

Add that to how many websites don’t have ample security on their customers’ passwords. There have been multiple examples over the past year of hackers stealing huge lists of passwords in one attack. This not only gives them access to those accounts, but also gives them real world examples of the types of passwords typically being used.

These brute force attacks are actually fairly rare. Most criminals won’t take the time to launch an attack against a single account. For that, they prefer to use phishing scams and social engineering to get users to send them their passwords unknowingly.

Having a secure password is still important, but it’s even more important to understand where secure passwords will do you the most good. For example, banking sites usually put the most security on their users’ passwords and they’re very rarely compromised. Using a secure password for your bank account is a given, but you want to be sure not to re-use that account on a less secure site. That’s how many bank website’s are compromised. A user will use the same password on a site that isn’t very secure, then a hacker will steal a large number of passwords from the unsecure site and use them on more secure sites.

Using a password manager is one way to enable you to use unique passwords for each account, but never have to worry about forgetting them. However, even this method is hackable.

Although it’s probably impossible to be completely secure, avoiding phishing scams and social engineering and having strong passwords in place will serve you well.

For more information about how to keep your accounts and your computer safe, contact Geek Rescue. We not only fix devices that aren’t working right, we also protect them against future attacks.

October 17th, 2013