As technologically advanced as we’ve become, we are still far behind in effective password management and security. News of the latest cybersecurity breaches can commonly be linked back to a compromised password. And the latest scary statistics on Google will reveal that users have not changed or improved their password management practices. One thing is certain: we will be using passwords for the foreseeable future, until we reach a password-less era. Until then, let’s take a look at ways hackers can steal your password.
1. Phishing
This is the “wolf in sheep’s clothing” method of stealing passwords. It comes in the form of digital communication and is disguised as a trusted and familiar entity. It dupes you into providing your credentials for a request that you perceive to be legitimate, and then you are one fake log-in form away from a fraudster having access to your sensitive data. Start using a 2-factor authentication method to log in to your sites, or you can start taking a few extra minutes to read through emails you don’t recognize. We guarantee you’ll spot the misspellings in these phishing emails if you do.
2. Credential Stuffing
Also referred to as list cleaning or breach replay, credential stuffing is when hackers take lists of stolen credentials and regularly test them against thousands of sites to see which ones match. The matched ones are often sold on underground forums, and because many people use the same passwords for multiple sites, the odds favor the hackers when they use this method. There are also automated tools available to them that speed up this process. Our advice: use a different password for every single site you use. And if you can’t bear the thought of trying to keep up with multiple passwords, check out some of the top password managers for 2021.
3. Password Spraying
This technique is the reverse of credential stuffing. Instead of testing stolen username and password pairs, hackers take a list of user accounts and test them against commonly used passwords like 123456 or qwerty. Knowing someone has this much time on their hands is scary, so be sure to check your current passwords against the first list of most commonly used passwords you can find.
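From the defender's side, password spraying leaves a recognizable trace in authentication logs: one source failing against many different accounts in a short time. The following is an added example, not part of the original article, that flags that pattern; the log format, the sample lines and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (format and values are illustrative assumptions).
SAMPLE_LOG = """\
2021-03-01T10:00:01 FAIL user=alice src=203.0.113.5
2021-03-01T10:00:03 FAIL user=bob src=203.0.113.5
2021-03-01T10:00:05 FAIL user=carol src=203.0.113.5
2021-03-01T10:00:07 FAIL user=dave src=203.0.113.5
2021-03-01T10:00:09 OK user=erin src=203.0.113.5
2021-03-01T10:01:00 FAIL user=frank src=198.51.100.7
2021-03-01T10:01:40 OK user=frank src=198.51.100.7
2021-03-01T12:30:00 FAIL user=alice src=192.0.2.9
2021-03-01T18:30:00 FAIL user=bob src=192.0.2.9
"""

def parse(line):
    """Return (timestamp, outcome, user, src), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        fields = dict(p.split("=", 1) for p in parts[2:])
        return datetime.fromisoformat(parts[0]), parts[1], fields["user"], fields["src"]
    except (ValueError, KeyError):
        return None

def find_spraying(log_text, min_users=4, window_minutes=10):
    """Flag sources that fail against >= min_users distinct accounts within one
    time window. 'succeeded' lists accounts that source logged in to anywhere
    in the log, which are the ones to treat as compromised first."""
    window = timedelta(minutes=window_minutes)
    fails, oks = defaultdict(list), defaultdict(set)
    for ts, outcome, user, src in filter(None, map(parse, log_text.splitlines())):
        if outcome == "FAIL":
            fails[src].append((ts, user))
        elif outcome == "OK":
            oks[src].add(user)
    flagged = {}
    for src, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward past stale failures
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[src] = {"targets": sorted(users), "succeeded": sorted(oks[src])}
                break
    return flagged
```

A user who mistypes their own password a few times (198.51.100.7 in the sample) never reaches the distinct-account threshold, so the check does not flag them.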
4. Keylogging
Keylogging requires additional coordination and can be difficult to pull off. It’s a targeted attack because the hacker has to gain access to the user’s computer first. After they gain access, the hacker can record keystrokes to obtain credentials for logins with secure forms. Like the automation tools available for credential stuffing, there are post-exploitation kits that give attackers off-the-shelf keyloggers. Unfortunately, having a unique password is not going to keep you secure from keylogging. Ensure you are running a good security solution so your device can detect any malicious activity.
5. Local Discovery
Post-It notes are great for many things, except for password storage. Just as the name implies, this method is when your password is found in plain text because you wrote it down somewhere. While we applaud your efforts if you are one of those people who still likes to write everything down, we encourage you to use caution when putting credentials or any other sensitive information down on paper.