Cyber-attacks are a constant threat. Data breaches like those at Target, LinkedIn and Equifax are becoming more common, as are targeted attacks on individuals.
In order to obtain our information, hackers often use password cracking software.
Do you know what goes into the process of password cracking? And, do you know what steps you can take to protect your information?
What is password cracking?
Password cracking is the process of guessing or recovering a password from stored locations. Once a password is obtained, the hacker will use the information to gain unauthorized access to an account.
There are a handful of ways hackers can find your passwords.
How does password cracking work?
One thing to note is that a hacker isn’t always a masked person in a remote area. It could be someone you know. One way a hacker can gain unauthorized access is by guessing passwords based on their knowledge of your personal attributes. For instance:
- Name combinations, like variations of your full name, a shortened name, or nicknames.
- Hobbies like your favorite book, movie, car or celebrity.
- An important year or number, like the year you were born or a uniform number you wore.
Many people include these personal elements in their passwords, which makes them an easy target. If this sounds familiar to you, it might be time to change your password.
For more technical hackers, special software can be used in the password cracking process.
Two types of password cracking approaches
Dictionary
Dictionary attacks are conducted via software that scans through a list of preset passwords. For example, a hacker can make the software scan through a list of words from an actual dictionary, or from a list of the most commonly used passwords.
Brute-force
A brute-force attack tries every possible combination of letters, digits, and special symbols to determine the password. This is where the importance of a strong password comes in: the more complex a password is, the more difficult it is to hack, and the more powerful a hacker’s computing capability must be.
With a strong enough computer (and weak enough passwords) hackers can crack passwords in milliseconds.
Tips for protecting yourself from password crackers
Hacks can largely be prevented with a few simple steps.
The biggest problem with password protection is that many people don’t use strong passwords.
Use stronger passwords
Longer passwords with special characters and symbols are exponentially more difficult to crack. If developing strong passwords gives you a headache, look for a system to help. Software like EZPD generates complex passwords, up to 256 characters long, to help protect your most valuable data.
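As an added example (not part of the original article and not EZPD's code), the Python below checks a candidate password against the three approaches described above: guessing from personal attributes, a dictionary list, and brute force. The tiny word list, the 60-bit threshold and all function names are assumptions made for this illustration.

```python
import math
import string

# Constructed sample: stand-in for a "most commonly used passwords" list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

def charset_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size

def brute_force_bits(password):
    """log2 of the number of candidates a brute-force search would have to try."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def audit_password(password, personal_facts, min_bits=60):
    """Return the reasons a password is weak; an empty list means no finding.

    personal_facts: strings an acquaintance could know (names, years, hobbies).
    min_bits: assumed threshold for this example, not a standard.
    """
    findings = []
    lowered = password.lower()
    # Dictionary check: ignore trailing digits/symbols so "qwerty1!" still matches.
    base = lowered.rstrip(string.digits + string.punctuation)
    if lowered in COMMON_PASSWORDS or base in COMMON_PASSWORDS:
        findings.append("dictionary")
    # Personal-attribute check: any known fact of 3+ characters inside the password.
    for fact in personal_facts:
        if len(fact) >= 3 and fact.lower() in lowered:
            findings.append("personal:" + fact)
    # Brute-force check: length times log2(alphabet) grows linearly in bits,
    # so the search space grows exponentially with each added character.
    if brute_force_bits(password) < min_bits:
        findings.append("short")
    return findings

if __name__ == "__main__":
    for pw in ("jordan1987", "qwerty1!", "v9#Tq!xL2m@Zr7"):
        print(pw, audit_password(pw, ["Jordan", "1987"]))
```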
Eliminate the snowball effect
If your password is hacked on one site, the next thing your attacker is going to do is test the combination on other accounts. If your primary email and subsidiary websites share the same password, the attacker can gain access to anything from your social media presence to your banking information. Create unique passwords for each of your accounts, and find a safe way to keep track of them.
Enable two-step verification
By requiring more than just a password to access your accounts, you’re adding a second layer of protection. Even if a hacker guesses your password through a brute-force or dictionary attack, they will still need to know personal identifying information about you, like where you went to elementary school or your first pet’s name.
Be wise with your two-step verification questions and answers. Some of these questions can be uncovered by looking through your social media posts or searching Google. When you implement two-step verification, create a question and answer combination only you know the answers to.
Learn how to recognize phishing emails
Phishing emails are typically email correspondences from hackers masked as legitimate businesses.
The goal of the attack is to trick the recipient into revealing information like usernames, passwords or financial information by asking the recipient to “confirm” the information on the phisher’s website. Though the emails often look legitimate, pay attention to misspelled words and to the URL of the sender’s webpage.