We live in an increasingly digital age. From our financial and personal records to our private conversations with friends, data is stored across websites and mobile apps designed to make our lives easier and more efficient. With this ease, comes an increased risk for identity theft, crippling data loss, and a comprehensive breach of privacy.
The first line of defense is your password. While it might seem like a second thought when you're signing up for an account, your password is one of the most important elements of your frontline digital security measures. The unfortunate reality is that many people continue relying on old, weak, and repeat passwords to safeguard their data.
Cybercriminals have a wide variety of tools at their disposal that can snag your information, including many that are freely available on the internet (and there are new methods emerging every day).
So how is it done and, more importantly, what can you do to protect your data?
How Hackers Get Passwords:
Network Interception
Free Wifi? Sign me up! Or don’t…
Passwords can be intercepted as they are transmitted over an unsecured network. It could happen when you're at the coffee shop, in the supermarket, or even at home if your personal network isn't secured.
Brute Force
Hint: If your password is 12345, it probably won’t take very long.
Through automation, hackers are able to run algorithms that plug into your account and begin running through the most common passwords to break into your account in a matter of minutes - maybe even seconds - if your password creation methods aren't strong enough.
Searching
Remember when your browser asked if you’d like to store your password and you said, “Heck yes?”
An IT infrastructure can be searched for electronically stored password information found both in your browser and saved directly on your hardware itself.
Old-Fashion Theft
Did it really seem like a good idea to write your password on a post-it note and stick it under your keyboard?
Remember actual theft? Like someone physically taking something?! Yeah, it still happens! Penciling your passwords on a notepad, putting a sticky note under your keyboard, or keeping a cheat sheet between your phone and case are all common locations that someone will automatically look if they're trying to gain access to your accounts.
The Guessing Game
Are your birthday, anniversary, and maiden name displayed on your social media profile?
From common passwords to simple names, passwords based on personal information such as names, important dates, and addresses can be easy to guess without the use of technology. For someone already familiar with the way that you work, access to information could be gained within a few seconds of you running to the restroom at a restaurant or grabbing a refill at the coffee bar.
Social Engineering Traps
Attackers have much more subtle tricks up their sleeves.
"It's me, the cousin you never talk to! Could you remind me what street you grew up on? Oh and I'm making you the beneficiary on my will, could you give me your social security number?" The questions might not always be this blunt, but you get the point. Hackers are using social engineering to more effectively gain access to confidential information by acting like your friends or family to learn more about your past and interests in an effort to crack those security questions guarding your account from unwarranted password resets.
Shoulder Surfing 
🎶 "I always feel like somebody's watching me." 🎶
When you're logged in, you're locked in - totally focused on your screen and the work that you're trying to get done. While you might be a powerhouse of productivity, it's easy to block out your surroundings and not notice someone standing behind you, watching as you type in your account password. With that information, they only need to gain access to your machine once for your entire data library to be compromised.
Key Logging
Next time you consider clicking on a suspicious link, remember what curiosity did to the cat.
Once installed, a keylogger can track every stroke of a key on your keyboard. From personal information to important passwords, it's all logged and transmitted directly to someone trying to gain access to your accounts, your funds, or even your identity.
How to Protect Your Passwords:
-
Say no to obvious and common password choices.12345, password, qwerty, or personal information such as birthdays, anniversaries and names.
- Don’t store passwords in plain text format.
...or on scraps of paper within reach of your devices... - Change your password often.
Don’t hesitate to reset it if you feel there is a possibility of compromise. - Use account lockout and monitoring.
Automatic lockouts and notifications help prevent brute force attacks from gaining access to your information. - Don’t use the same password on multiple accounts.
This can create a domino effect that allows hackers to take down multiple accounts with a single password. - Use Two-Factor Authentication.
By using 2FA as an additional layer of protection you can significantly decrease the risk of an attacker gaining access to your online accounts. - Keep it secret, keep it safe.
When it comes to sharing passwords - don't.
Cybercriminals searching for personal information are always on the hunt for new ways to get around security features and access your personal information. Even for those that follow every tip, there is still an inherent risk created by being online and active in the digital space. However, by taking the right precautions, you're able to minimize risk and maximize security while keeping your productivity on track.
