Easy Ways to Get Hacked – Part IV

Weak Password: Access Granted


The world saw two major hacks recently: Yahoo and LinkedIn. The LinkedIn breach exposed 117 million passwords, and the Yahoo breach exposed 200 million passwords.

People tend to reuse their passwords, so a password exposed in one breach makes it more likely that hackers gain access to the same person’s email and bank accounts.

Password security is one of the fundamental practices for keeping a company’s data secure. Passwords such as “01234” and “access” have been revealed to be among the most popular passwords. Users need to know the importance of strong passwords. If employees use such easy and obvious passwords, organizations should be worried about whether their confidential information is in safe hands.

Users create passwords that have some meaning to them. They also use the same passwords across various websites. Creating passwords that have some meaning reduces the peril of obvious passwords, but it increases the threat of security breaches because users are not likely to change them often. When users use the same password across various sites and one of those sites is compromised, the password is exposed for every other site where it has been used.

Employees choose such easy or obvious passwords because they are easy to remember. IT experts can help by reducing the burden that acting securely places on individuals.

Alphanumeric passwords are a strong choice. But only 29% of organizations feel that complex and hard-to-crack passwords help to lessen security risks. The risk with alphanumeric or other complex passwords is that employees jot them down somewhere in order to remember them, and that note can be stolen or lost.

How do hackers get passwords?

A Remote Administration Tool (RAT) allows a hacker to connect to your system without your knowledge. With the help of a RAT, a hacker can see all the activity taking place on the screen and can copy files from your hard disk to his computer. A RAT also has built-in keylogger functionality. Poison Ivy is a well-known RAT, which can be modified to connect to your system on a port number indicated while creating the RAT.

A keylogger is one of the basic tools for getting your passwords. It lives in your system memory and runs every time the system starts. Keyloggers log all the keystrokes you enter; a log is created and sent to the hacker. Keyloggers like the Ardamax Keylogger can be customized so that they remain unseen in the list of processes.

Trojan Horses
Hackers use Trojan Horse malware to steal passwords; the malware transmits the password information via email. Hackers mainly use this malware for financial gain.

How to prevent password cracking?

Enforce password complexity checking
Require employees to use a minimum number of characters, and check passwords against a dictionary of common passwords.
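
The check described above (a minimum length plus a lookup against a list of common passwords), as an added example that is not part of the original article. It goes slightly beyond the text by normalizing case, character substitutions and trailing digits before the lookup; the 12-character minimum, the short sample list and the function names are assumptions made for illustration.

```python
import re

# Constructed sample list; a real deployment would load a large list of
# breached or commonly used passwords from a file instead.
COMMON_PASSWORDS = {"01234", "access", "password", "qwerty", "letmein", "welcome"}

MIN_LENGTH = 12  # assumed policy value, not taken from the article

# Undo common character substitutions so "P@ssw0rd" is treated like "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def candidates(password):
    """Return the normalized forms of a password to look up in the list."""
    lowered = password.lower()
    # Drop a trailing run of digits and symbols: "access2024!" -> "access".
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}


def check_password(password):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if candidates(password) & COMMON_PASSWORDS:
        problems.append("common_password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["01234", "Access1", "P@ssw0rd2024!", "correct horse battery staple"]:
        print(f"{pw!r}: {check_password(pw) or 'accepted'}")
```

Run at password-creation or password-change time, this rejects "P@ssw0rd2024!" even though it is long and mixes character classes, because it reduces to an entry on the common-password list.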

Use multifactor authentication
Multifactor authentication (MFA) requires employees to authenticate themselves with more than one proof, such as a one-time password (OTP), an SMS message, etc. Because of the expense and the inconvenience to employees, most companies use this method only for those employees who have access to confidential data or who work remotely. 43 percent of organizations require MFA before permitting remote connections to the organization’s data systems.

Provide password vaults
Password vaults are software applications that allow users to store and manage all their passwords. Password vault managers store the passwords in encrypted form and require the user to create a master password, which should be a strong password. The master password gives the user access to their password database.

Don’t log in using your password on public WiFi
Though public WiFi is in place for our convenience, it is not necessarily secure. Logging in to websites that require you to enter your password may be risky there. Avoid providing personal information on public WiFi.

Use a VPN
A Virtual Private Network, or VPN, helps to avoid some of the threats lurking on public WiFi networks. It routes your internet traffic through an intermediary server.

Many organizations are undertaking these measures to enhance the security of passwords and decrease the burden on employees while managing cost. Nearly 16 percent of organizations have implemented MFA, 29 percent have increased password length or complexity, thus reducing the frequency of password changes, and 31 percent have implemented password vaults.

Even when organizations set a strong policy that safeguards them against risks and breaches, they must also employ an endpoint security solution that helps them defend against potential risks, both insider and external.

– Rini Thomas
