As a growing number of organizations fall victim to data breaches and other cyber attacks, having a strong password is more important now than ever before. Your password is your first line of defense when it comes to keeping your business and personal data out of the wrong hands. But how do you create a password that’s tricky enough to stump a hacker – without being too hard to remember yourself? Today we’re going to walk you through not only how hackers can gain access to your passwords, but the steps that you and your team can take to make sure your accounts are safe and secure.
How Do Hackers Hack?
You’re probably asking yourself how hackers gain access to passwords to begin with? While there are plenty of nefarious ways to gain access to someone’s password without their consent, here are the three most common methods:
The Dark Web
Though it may not be the cheapest option, the easiest and fastest way that a hacker could gain access to your credentials is by buying them off of the dark web. Hackers using this technique are especially dangerous to individuals who have the habit of using the same password for all of their accounts.
Brute Force Attack
The Brute Force Attack method of password cracking involves a hacker using automated software to generate random combinations of possible passcodes until they land access to yours. This software can generate up to 350 billion possible passcodes per second and can successfully crack a majority of eight-character Windows passwords utilizing upper and lowercase letters.
The third and final popular technique for hackers to obtain passwords is phishing. Unlike the dark web and brute force attacks where the user is unaware of the potential hacker, phishing involves tricking the user into providing personal information under the guise of a legitimate account inquiry. Phishing can take many forms but the most common example is a user receiving an email from their credit card company claiming an issue on their account. The user is then instructed to click a link to log in and resolve the issue. Because the link is created by the hacker and not the credit card company, the information goes directly to the hacker where they can use it to either sell on the dark web, or take control of your account themselves.
How To Improve Your Password
Now that we’ve gone over the ways in which hackers can gain access to your accounts, here are our top three tips to make sure your password is strong and secure.
It’s tempting to use parts of your name, username, birthday, or address to make your password memorable, but these components also make your password easy to guess. If you must use real words in your password, try to pick a random combination of words.
When it comes to password length, the longer the better. An absolute minimum recommended password length is 9-12 characters, but you can always go longer.
Shake It Up
Use a mix of upper and lowercase characters plus numbers and special characters if permitted. The more uniform your password is, the easier it will be to guess.
KISS (Keep It Secret Stupid)
It should go without saying but here we are – Never share or keep your passwords in places that could be publicly accessed.
What To Do If You’ve Been Compromised
If you already suspect that your account has been compromised or your passwords are at risk, you can take the following steps to re-secure your accounts:
- Immediately change all of your passwords using the recommended criteria above (remember a different password for each account!).
- Update your account recovery information (change your recovery email, use an alternate phone number, etc.)
- Report any suspicious activity or unauthorized charges posted to your account.
Is your breach bigger than a single password leak?
Ra Security can help. From increased cloud data encryption to SEIM and incident response, we’re here to keep you and your organization secure from third party threats. To learn more about these services, please check out our services tab or schedule a consultation to speak to a representative.