Data breaches are becoming more commonplace, and this is only set to increase in the coming months.
In January 2022, 1.2 million Microsoft accounts were hacked. Of these, 99.9% were hacked because they weren’t using multi-factor authentication, meaning their passwords were breached.
Every computer user has dozens of passwords and logins – from the one-off account you had to make to get a free eBook, to the accounts used for your business, to every online retailer you use. No one is able to remember so many passwords, which is why people tend to have two or three that they use for everything. For years.
What many people don’t realise is that when a weak password is used, it’s the equivalent of going away for the weekend and leaving all the doors and windows of your house unlocked.
Most attacks aren’t targeted. Instead, hackers use a technique called password spraying, where they take a list of usernames and try the most commonly used passwords against each one. It can be automated and is remarkably successful.
And that is because people are still using easy-to-remember (and therefore easy-to-hack) passwords. The most common password is 123456, which can be hacked by a cybercriminal in less than 1 second, whereas even a more difficult one like anthony can be cracked in 17 minutes.
Now consider that many people use the same password for multiple sites, with the same usernames and email addresses. If a hacker can get into one account, they can get into all of them. How much information could be gained about you from your online accounts? Address, bank account details, credit card details, children’s school, car registration documents, client details?
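Password spraying leaves a recognisable trail in login logs: one source failing against many different accounts, with only a few tries on each. The following is an added example, not part of the original article, showing how a defender could flag that pattern; the log format, thresholds and function name are assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the "timestamp ip user result" format is an assumption.
SAMPLE_LOG = """\
2022-01-10T09:00:01 203.0.113.7 alice FAIL
2022-01-10T09:00:03 203.0.113.7 bob FAIL
2022-01-10T09:00:05 203.0.113.7 carol FAIL
2022-01-10T09:00:07 203.0.113.7 dave FAIL
2022-01-10T09:00:09 203.0.113.7 erin FAIL
2022-01-10T09:01:00 198.51.100.4 alice FAIL
2022-01-10T09:01:05 198.51.100.4 alice FAIL
2022-01-10T09:01:10 198.51.100.4 alice FAIL
2022-01-10T09:01:15 198.51.100.4 alice FAIL
2022-01-10T09:02:00 192.0.2.9 bob FAIL
2022-01-10T09:02:20 192.0.2.9 bob OK
"""

def detect_spraying(lines, window=timedelta(minutes=10), min_users=5, max_per_user=3):
    """Return {source_ip: [usernames]} for sources that fail against many
    different accounts, with only a few tries per account, inside one window."""
    failures = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, ip, user, result = line.split()
        if result == "FAIL":
            failures[ip].append((datetime.fromisoformat(ts), user))

    flagged = {}
    for ip, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in events[start:end + 1])
            # Many accounts, few tries each: spraying rather than one user
            # mistyping or one account being brute-forced.
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                flagged[ip] = sorted(per_user)
                break
    return flagged

if __name__ == "__main__":
    print(detect_spraying(SAMPLE_LOG.splitlines()))
```

Only the first source is flagged. The second is repeated failures on a single account and the third is an ordinary mistyped password, which is why counting distinct usernames per source matters more than counting failures.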
Dangers of poor passwords
When your password is breached, there is a lot a hacker can do.
Long gone are the days when hacking was about disruption. Today, hacking is about money, as cybercriminals have realised how valuable data is.
They don’t just have access to what you see in the app, software or platform. They can install ransomware, malware and viruses which can steal or encrypt all your data on your device or the entire network.
Malware is designed to infiltrate a system’s core functions, spy on activity, and steal, tamper with or encrypt data. Attackers can also install adware, or keyloggers that record keystrokes, which can be very valuable on the dark web.
Ransomware is a form of malware and can sit dormant on your machine or network for months before being activated. When it is activated, all the data on the machine is encrypted. The attackers then demand payment, often in untraceable bitcoin, to retrieve your data or to prevent it being published on the dark web. A survey carried out by cybersecurity company ThycoticCentrify demonstrated that 83% of people targeted by ransomware paid up. The average ransomware demand in 2021 was £418,200.
It is thought that a business falls victim to a ransomware attack every 11 seconds. For perspective, in the four minutes it has taken to read this article, 22 businesses have been attacked and 18 of them will have paid.
The strongest passwords should be at least eight characters long and be a combination of upper- and lower-case letters, numbers and special characters.
The more random the selection, the better it is – for example, al;iui&*^jgfs would be a much better password than Cat^&banana*)123.
However, even if a password takes two or three hours to crack rather than less than one second, it is a single line of defence, and therefore it is preferable to always use multi-factor authentication wherever it is available.
Multi-factor authentication will ask for at least one other form of identification in addition to a password, which could include a fingerprint, a code randomly sent to your mobile, an email link to click on, or a physical USB device to insert into your machine.
Although this may seem like a faff, especially if you are logging in regularly, it does mean that when the hackers manage to get through your password, they still won’t have access to your machine, as they will need another form of verification.
Even with multi-factor authentication and a strong password, it is still advisable not to use the same password for everything you have to log in to. To be secure, you should have a different password for every login.
Using a password manager can make this easier, as there is no need to remember dozens of passwords or, worse, to feel that you should write them down. Instead, all your passwords are stored in one secure app, which is accessed by multi-factor authentication.
A password manager is also able to spot fake websites, inform you if you are reusing passwords, and work across platforms and devices.
Are you secure?
If you want to improve your security but are not sure how, contact Security Everywhere and we can assess your security systems and recommend the best solutions.