Password management – how to keep our passwords protected
It’s time to change the way we think about our passwords. Not too long ago, a password of at least 6 characters, including upper and lower case letters and special characters, was enough.
Now, with the advancement of hacking techniques and our increasing reliance on technology for everyday actions like bank transfers or mobile payments, a compromised account can cause irreparable damage to people and businesses.
Cracking Passwords – Common Techniques
Brute Force attack
To perform a brute force attack, all a hacker has to do is run code that attempts to log in using every possible password. When the hacker has no prior knowledge of the password pattern (in other words, they are guessing), the code starts with the shortest passwords; when all options for a password of a certain length are exhausted, it switches to longer passwords, systematically working through the lengths.
A hacker can also try the most common passwords, or attempt to answer the security question.
In addition, hackers can bypass Windows protection by using a bootable version of Linux (an open-source operating system) and uploading NTFS files that contain tools and malware.
Phishing
Phishing is an attempt to steal sensitive information through impersonation. It is a method of deception that aims to make the user act, usually by clicking an attached link, in a way that endangers their computer. Phishing is the most popular method of social engineering because of the great diversity of phishing types, which allow anything from a simple, easy attack to a prepared and targeted one, according to the imposter’s preference.
- Phishing email – emails that look like they came from a reliable source such as real organizations, institutions and service providers, but were actually sent by a hacker impersonating them. The use of corporate language, the company logo, even the original typography – all these raise the level of credibility and make us believe that it is indeed the organization in question, usually companies such as Facebook, eBay, and the like.
- Spear phishing – this manipulation is tailor-made for the target. In a corporate environment, the attacker collects information about employees in a certain department and impersonates a known entity, a service provider for example.
- Whaling – within the spear phishing category is whaling: phishing aimed at senior executives at the management level.
- Vishing – using social engineering tactics over the phone, pretending to be an authorized person such as a technical maintenance worker or a credit card company representative.
- Search engine phishing – an attempt to place fake and malicious sites at the top of the search engine results that appear in the browser, whether through ads or through sites ranked organically.
Figure: 2022 Ray Eyewear brand Black Friday fake phishing site
Password Protection – Tips
- When creating a password, it’s important to follow the table above and create a password of at least 12-16 characters, including uppercase, lowercase and special characters. You can check the strength of the password with Kaspersky’s tool.
- Use separate passwords for different accounts – most of us use the same password, or a variation of it, for several sensitive accounts. This practice creates a real danger of multiple accounts being compromised at once and leaves many people and organizations vulnerable.
- Use multi-step verification – Multi-step verification adds additional layers to verify the identity of the account holder when logging into the account. These “factors” can include biometrics such as fingerprint or facial recognition, or a temporary passcode sent via text message.
- Avoid sharing personal details such as the schools you attended, your pets, or your place of birth.
- Be very careful about building online friendships.
- Use a password manager – this is software for managing all your passwords in one central and secure place, so the user needs to remember only one password. Many companies offer free password managers, such as Bitwarden or KeePass. However, the most recommended ones are sold for a small fee of a few dollars per month, such as LastPass or 1Password.
- Rate limiting – if you run an application and give your customers access to their accounts, limit the number of login attempts. The technique is called rate limiting, and it is a simple measure that can prevent a breach.
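As an added example (not code from the article), here is a sliding-window login rate limiter of the kind the rate limiting tip recommends, written in Python. It counts failed attempts per account and per source IP and locks either key after too many failures; the thresholds, account names and IP addresses are constructed assumptions.

```python
import time
from collections import defaultdict, deque

class LoginRateLimiter:
    """Sliding-window limiter for failed logins, tracked per account and per source IP,
    so a distributed attack on one account and one host spraying many accounts are
    both caught. Thresholds are assumed values: 5 failures in 15 min lock for 15 min."""
    def __init__(self, max_failures=5, window=900, lockout=900, clock=time.time):
        self.max_failures, self.window, self.lockout, self.clock = max_failures, window, lockout, clock
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time the lockout expires
    def is_blocked(self, account, ip):
        now = self.clock()
        return any(self._locked_until.get(k, 0) > now for k in (("acct", account), ("ip", ip)))
    def record_failure(self, account, ip):
        now = self.clock()
        for k in (("acct", account), ("ip", ip)):
            q = self._failures[k]
            while q and now - q[0] > self.window:  # drop failures outside the window
                q.popleft()
            q.append(now)
            if len(q) >= self.max_failures:
                self._locked_until[k] = now + self.lockout
                q.clear()
    def record_success(self, account, ip):
        # Reset only the account counter; one hit must not forgive a spraying host.
        self._failures.pop(("acct", account), None)

def check_login(limiter, account, ip, password_ok):
    """Return 'blocked', 'fail' or 'ok'; blocked attempts are never authenticated."""
    if limiter.is_blocked(account, ip):
        return "blocked"
    if password_ok:
        limiter.record_success(account, ip)
        return "ok"
    limiter.record_failure(account, ip)
    return "fail"

def simulate_guessing():
    """Constructed scenario: 5 wrong guesses, right password while locked, then after lockout."""
    t = [0.0]  # fake clock so the 15-minute lockout can be fast-forwarded
    lim = LoginRateLimiter(clock=lambda: t[0])
    results = []
    for _ in range(5):
        results.append(check_login(lim, "alice", "198.51.100.7", password_ok=False))
        t[0] += 1
    results.append(check_login(lim, "alice", "198.51.100.7", password_ok=True))
    t[0] += 901  # past the 900 s lockout
    results.append(check_login(lim, "alice", "198.51.100.7", password_ok=True))
    return results  # ['fail'] * 5 + ['blocked', 'ok']
```

Because the lockout applies to the source IP as well, a single host that fails against five different accounts is blocked from every account, while the same accounts remain reachable from an unaffected address.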
Phishing tests for organizations are a good way to raise employees’ awareness of the importance of strong passwords. Employees are taught precautions, and the manager is given an indication of the level of security in the company. A phishing test is carried out by a team of testers that specializes in identifying attacks and their application in the workplace. The goal of the team is to simulate a real phishing attack, so the organization’s employees are subjected to a phishing test – whether they will give up their details or not. The team will usually purchase a domain, and sometimes an SSL certificate as well, in order not to arouse suspicion; a message is then sent to the company’s employees (using one of the phishing methods listed above) from a supposedly familiar address. The message is usually accompanied by a link with a request to enter personal details (password, username, account details, etc.). As employee awareness of this issue increases through phishing tests, employee caution will increase and thus prevent the next attack.