Password Hacking

How to Defend against Password Hacking

Any way you look at it, your passwords are under attack. Some attackers want the challenge of defeating a security system. Cybercriminals want access to your online accounts. Fraudsters want to steal your identity. Others just want the publicity of embarrassing a prominent online brand by pilfering its account data.

Now, while the average user can do little to stop the wholesale theft of account credentials from major social media networks, ISPs or online banks, we can all do a better job of locking the front door to our own personal information. That starts with choosing a stronger password in the first place. Too many people still pick weak combinations and make the attacker's job all too easy. (Some of the most popular remain "password", "123456", "abc123" and "welcome"!)1

Password hacking is ongoing and growing. Let’s examine some of the methods computer hackers employ to obtain your online credentials.


How hackers crack passwords:

Social Engineering. The easiest way for an attacker to get into your online account is simply to ask for it. They pose either as you or as the online service provider and get one or the other to give up the password. Posing as you, they contact the site's customer support department and use stolen or publicly available information about you (date of birth, address, pet's name) to "prove" that they are you; the password is reset and the attacker is in. Posing as your bank or ISP, they use phishing: an email or text that sends you to a spoofed login page imitating the official website, where you type your credentials straight into the attacker's hands.

Spyware. Keylogging malware, usually installed through a malicious attachment, download or compromised website, records your keystrokes and transmits any credentials you type. Safe computing habits – keeping your operating system and applications patched, running anti-malware software, never sending login information over email, and closing unexpected popup windows rather than clicking them – go a long way toward protecting your personal information.

Cracking. Cracking is the process of recovering passwords from data a computer system stores or transmits, most often the hashed password table stolen from a website. Because the attacker holds the hashes offline, there is no lockout or rate limit to slow them down: a cracking program simply hashes millions or billions of guesses per second and compares each result against the stolen hashes. Any password stored with a fast, unsalted hash falls quickly. (Telling a site you have "forgotten" your password and abusing its reset process is a different route in; that is the social engineering described above, not cracking.)

Guessing. If all else fails, attackers guess your password, and their programs guess far better than a human would. A dictionary attack runs through lists of common words and previously leaked passwords, applying "mangling rules" to each one: capitalize the first letter, swap letters for look-alike digits, append a year or a "!". A targeted attack adds words associated with you, such as hobbies, pet names, date of birth, loved ones and birthplace. As a last resort, they can use "brute force" programs that try every possible combination of characters, which is where length finally makes a difference.
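The following is an added example, not code from the original article, showing what the "mangling rules" in the cracking and guessing descriptions above look like in practice: a small dictionary is expanded through case changes, letter-to-digit substitutions and suffixes, and every candidate is hashed and compared against a stolen table. The credential table, wordlist and rules are all constructed for the demo; none of it comes from a real breach.

```python
"""Added example (not from the original article): a rule-based dictionary
attack of the kind password-cracking tools run against a stolen table of
unsalted, fast hashes. Every hash, word and rule here is constructed for
the demo; nothing is taken from a real breach."""
import hashlib
import itertools

# Constructed "stolen" credential table: username -> SHA-256 hex digest.
# Unsalted SHA-256 is exactly the kind of fast hash that makes this cheap.
LEAKED = {
    "alice": hashlib.sha256(b"password").hexdigest(),
    "bob": hashlib.sha256(b"Welcome1").hexdigest(),
    "carol": hashlib.sha256(b"P@55w0rd!").hexdigest(),
    "dave": hashlib.sha256(b"correct horse battery staple").hexdigest(),
}

# A tiny wordlist; real attacks use millions of previously leaked passwords.
WORDLIST = ["password", "123456", "abc123", "welcome", "letmein", "qwerty"]

# Mangling rules: the substitutions the article suggests, plus suffixes.
LEET = {"o": "0", "i": "1", "e": "3", "s": "5", "a": "@"}
SUFFIXES = ["", "1", "!", "123", "2024"]


def leet_variants(word):
    """Yield the word with every subset of the LEET substitutions applied."""
    positions = [i for i, c in enumerate(word) if c.lower() in LEET]
    for mask in itertools.product((False, True), repeat=len(positions)):
        chars = list(word)
        for swap, pos in zip(mask, positions):
            if swap:
                chars[pos] = LEET[chars[pos].lower()]
        yield "".join(chars)


def candidates(word):
    """Expand one dictionary word into every case/leet/suffix variant."""
    for base in (word, word.capitalize(), word.upper()):
        for variant in leet_variants(base):
            for suffix in SUFFIXES:
                yield variant + suffix


def crack(hashes, wordlist):
    """Return {username: plaintext} for every hash some candidate matches."""
    by_hash = {digest: user for user, digest in hashes.items()}
    found = {}
    tried = set()
    for word in wordlist:
        for cand in candidates(word):
            if cand in tried:
                continue
            tried.add(cand)
            digest = hashlib.sha256(cand.encode()).hexdigest()
            if digest in by_hash:
                found[by_hash[digest]] = cand
    return found


if __name__ == "__main__":
    for user, pw in crack(LEAKED, WORDLIST).items():
        print(f"{user}: {pw!r}")
```

Running it recovers alice, bob and carol in a fraction of a second; "P@55w0rd!" is just "password" with three standard rules applied, so the substitutions buy almost nothing. Only dave's long, multi-word phrase survives, because it is not in the wordlist and is far too long to brute-force.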

Building a better password:


No password is truly hack-proof, but these simple tips will make yours far more expensive to crack than the ones the attackers recover first.

  1. Longer is usually stronger. Passwords of 10 or more characters are better than those with 8 or fewer, and every extra character multiplies the attacker's work. Try a login phrase of several unrelated words instead of a single word.

  2. Use uppercase and lowercase letters. Mix capitals into the middle of the password, not just the first letter; the initial-capital form of every dictionary word is one of the first things a cracking program tries.

  3. Insert numbers and special characters. Substituting a zero "0" for the letter "O" is one common method, as are 1 for I, 3 for E and 5 for S, and characters like @#$%^&* add variety. Be aware that cracking tools apply exactly these substitutions automatically, so "P@55w0rd" is barely stronger than "password". Use them on top of length, never instead of it.

  4. Experiment with clues. Think of a random childhood attraction, a place you love, a specific car, a vacation spot or a favorite restaurant. These are easy for you to remember, but only hard to guess if they are not something you have posted on social media or used as a security-question answer.

  5. Use a personal scheme. Think of a long phrase and use just the initial letter of each word, or combine several unrelated words. Simpler tricks such as always substituting the same digits for certain letters or typing the password one row higher on the keyboard are weaker than they look, because those transformations are also built into cracking rule sets.

  6. Change when it matters. Change a password promptly when the site that holds it is breached or you suspect it has been exposed. Routine monthly rotation is less valuable than it sounds, and current NIST guidance (SP 800-63B) no longer recommends it, because people respond with predictable variations like Password1, Password2 that crackers try first.

One study has shown that adding just a single capital letter and one asterisk would change the processing time for an 8-character password from 2.4 days to 2.1 centuries. Those figures assume roughly a million guesses per second; against a fast, unsalted hash a modern GPU cracker makes billions of guesses per second, which shrinks both numbers by several orders of magnitude. The guess rate is the one variable the website controls, by storing passwords with a slow, salted hashing algorithm, while length is the variable you control.
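The arithmetic behind that "2.4 days versus 2.1 centuries" comparison, as an added example that is not part of the original article: the two quoted figures fall out of 26^8 and 95^8 divided by one million guesses per second, and the same functions show what happens at a GPU-class rate and how length beats character variety. The 10-billion-per-second rate is an assumed round figure, not a measurement, and the small word list used for the passphrase generator is constructed for the demo.

```python
"""Added example (not from the original article): the arithmetic behind
"2.4 days versus 2.1 centuries", and a random passphrase generator. Those
two figures are reproduced here under the assumption of one million
guesses per second; the 10-billion-per-second GPU rate is an assumed
round figure for a fast unsalted hash, not a measurement."""
import math
import secrets

SECONDS_PER_DAY = 86400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def keyspace(charset_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return charset_size ** length


def entropy_bits(charset_size, length):
    """Work factor expressed in bits (log2 of the keyspace)."""
    return length * math.log2(charset_size)


def seconds_to_exhaust(charset_size, length, guesses_per_second):
    """Worst-case time to try every password in the keyspace."""
    return keyspace(charset_size, length) / guesses_per_second


def human(seconds):
    """Rough, readable duration for printing."""
    if seconds < SECONDS_PER_DAY:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_DAY:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:.0f} years"


# Constructed word list for the passphrase demo. A real list such as the
# EFF/Diceware lists has 7776 words (about 12.9 bits per word); this one is
# deliberately tiny, so the entropy computed from it is correspondingly low.
WORDS = [
    "anchor", "basil", "canyon", "dune", "ember", "fjord", "glacier",
    "harbor", "island", "juniper", "kettle", "lantern", "meadow", "nectar",
    "orchid", "pebble", "quartz", "ridge", "saddle", "thistle", "umber",
    "velvet", "walnut", "yarrow",
]


def generate_passphrase(n_words, words=WORDS, sep="-"):
    """Pick n_words uniformly at random with the CSPRNG (never `random`)."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def passphrase_entropy_bits(n_words, words=WORDS):
    """Entropy of a passphrase drawn uniformly from `words`."""
    return entropy_bits(len(words), n_words)


if __name__ == "__main__":
    for label, charset, length in (("8 lowercase letters", 26, 8),
                                    ("8 printable ASCII", 95, 8),
                                    ("16 lowercase letters", 26, 16)):
        for rate in (1e6, 1e10):
            t = seconds_to_exhaust(charset, length, rate)
            print(f"{label:22s} @ {rate:>8.0e}/s: {human(t)} "
                  f"({entropy_bits(charset, length):.1f} bits)")
    print("passphrase:", generate_passphrase(6),
          f"({passphrase_entropy_bits(6):.1f} bits from this tiny list; "
          f"{entropy_bits(7776, 6):.1f} bits from a 7776-word list)")
```

At a million guesses per second the output reproduces the article's 2.4 days and roughly 210 years; at ten billion per second the "2.1 centuries" password lasts about a week, while 16 lowercase letters still take over a hundred thousand years. Length is what moves the number, which is why a multi-word passphrase from a large word list is the practical answer.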

Our last piece of advice may be the hardest to follow. You really need a different username / password combination for every website, email account and computing device you use. Otherwise, once one site leaks your standard password, attackers will try that same combination on every other popular site (a technique known as credential stuffing) and everything else is compromised too. Don't use the same password everywhere. Password managers such as Password Gorilla (free) or 1Password (paid) generate a unique random password for each site and store them all encrypted behind one master password; many feature automated form completion and mobile versions for smartphone use. Ongoing vigilance is key to avoid becoming a victim of password hacking.


1 -
