Password crackers are becoming increasingly efficient at what they do, helped along by more sophisticated software, previous hacks and lazy password choices. So here are some things to bear in mind the next time you’re asked to create a user account on a new website.
How not to choose a password
This month, BBC security researcher Per Thorsheim reported that previous hacks, and the password lists they exposed online, have given password crackers a greater understanding of what types of passwords people use.
It seems that despite warnings not to pick a password containing personal information, many users still choose words, phrases and numbers that link directly back to them. For example, pets’ names, birthdays, children’s names, house numbers, street names or favourite pop stars are all popular choices.
Intelligent targeted attacks
Mr Thorsheim went on to explain how crackers no longer rely on raw computer power to crack passwords. He said that ‘brute forcing’ is the last tactic crackers would use today because, even with technological advances, it is still virtually impossible for computers to guess billions of passwords within a relatively small amount of time. Instead, it is much easier for crackers to use personal information left on the web by the user to work out what their password is likely to be.
Today, attacks are likely to be more targeted, scouring social media for words, names and dates associated with a victim. Knowing the names of someone’s children, pets, parents or street can help unpick a password very quickly.
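A site can catch these choices at sign-up by comparing a proposed password with the details the user has already supplied. The check below is an added example, not code from the article or from Mr Thorsheim; the profile fields, the function names and the sample data are all assumptions made for illustration.

```python
import re
from datetime import date

# Common character swaps, undone before matching (R3x -> rex, M@ple -> maple).
LEET = str.maketrans("013457@$!", "oieastasi")

# Constructed sample profile: the kind of details the article lists.
SAMPLE_PROFILE = {
    "child": "Oliver",
    "pet": "Rex",
    "street": "12 Maple Road",
    "birthday": date(1984, 7, 9),
}

def _norm(text):
    """Lower-case the text and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def personal_tokens(profile, min_len=3):
    """Collect words, numbers and common date spellings from a profile."""
    tokens = set()
    for value in profile.values():
        if isinstance(value, date):
            d, m, y = f"{value.day:02d}", f"{value.month:02d}", str(value.year)
            tokens.update({y, d + m, m + d, d + m + y[2:], m + d + y[2:]})
        else:
            tokens.update(_norm(w) for w in re.split(r"\W+", str(value)))
    # Very short tokens (a house number such as "12") match too much to be useful.
    return {t for t in tokens if len(t) >= min_len}

def find_personal_info(password, profile):
    """Return the profile tokens that appear in the password, sorted."""
    plain = _norm(password)
    unleet = _norm(password.lower().translate(LEET))
    hits = set()
    for tok in personal_tokens(profile):
        # Match the token as typed, or after undoing character swaps.
        if tok in plain or tok.translate(LEET) in unleet:
            hits.add(tok)
    return sorted(hits)
```

A non-empty result is a reason to ask the user for a different password; an empty one only means none of the supplied details were found.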
Ensure you use more than one password
Ultimately, the bad guys know it’s worth doing whatever is necessary to crack the first password because our natural laziness makes us such lucrative prospects.
Reports state that up to 70% of username and password combinations are used on multiple websites, which means that if a hacker can establish your login to one site, he has a fair chance of logging in to others too using the same details.
This is the reason that many cyber criminals target smaller sites with less security protection in order to access a list of passwords that can then be used to access other online services such as personal bank accounts.