Welcome to Cyber Threats 101! This is the fifth chapter in our A Busy College Student’s Guide to Online Security.  We’ll begin by defining what are password attacks and share expert tips on how to avoid becoming a victim to these attacks.

What are password attacks?

Password attacks are methods that take advantage of stolen, weak and/or reused passwords used to protect online accounts. In fact, 81 percent of hacking-related breaches in 2016 was the result of an attacker leveraging stolen and/or weak passwords.

Hackers can use one or more strategies to “guess” or crack encrypted passwords, including brute force attacks, dictionary attacks, and keyloggers. Before we get into these attacks, you must first know what encryption is.

What is encryption?

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. It transforms data that you send across the Internet into a format which is only readable when in possession of a decryption key, which provides the code to decipher the encryption.

If you want extra credit, you can learn more about encryption here.

What are brute force attacks?

Brute Force Attacks take a “try-try again” approach to guess password possibilities using automation software. Starting with one-digit passwords, the program will continue to guess longer combinations of letters, numbers, and symbols.

To get a better idea of how brute force attacks work, take a look at this short video from Lynda.com:

What are dictionary attacks?

Dictionary Attacks are based on the idea that we love to use names, places, sports teams, slang, etc. in our passwords. This method also uses automation software to guess different password combinations based on commonly used words that could be found in the dictionary.

What are keyloggers?

Keyloggers are malicious programs hackers implant on a target’s computer system–commonly through phishing emails–and are used to track and record every keystroke you make. It can record passwords, social security numbers, phone numbers, and even your credit card information.

Why shouldn’t I reuse a password on multiple accounts?

You should avoid reusing the same password on multiple accounts because hackers are known to use stolen or weak passwords from a massive data breach or from a password attack to deface your public profiles, commit identity fraud, steal your financial information, or send malicious messages or emails under your name.

Learn from the mistake of Facebook CEO Mark Zuckerberg who’s LinkedIn credentials were compromised in a massive data breach from 2012, which lead to a hacker group also compromising his Pinterest and Twitter pages; not to mention his password was “dadada“.

How do hackers use your stolen or weak password? Learn how “credential stuffing” attacks are used to exploit reused passwords

So how do I create a strong password?

Here are 5 tips to help you create a strong password:

  • Create a password that is–at a minimum–8 characters long. Ideally, your password should be between 12-15 characters.
  • Create a memorable, yet complex password by using a password mnemonic or a passphrase. You can start with a phrase, sentence, song lyric, etc. that is meaningful to you, but wouldn’t make sense to an automated computer program. You can also add a few numbers and special symbols for complexity.
  • Use a mix of case-sensitive letters, numbers, and symbols, but you won’t get away with replacing an “S” with a “$” or changing an “A” to “@”. In reality, hackers and automated password attack programs are already one step ahead of you and can easily pick up on these patterns.
  • Struggling to remember your new password? Write down a hint–not your password–that will jog your memory, but will be meaningless to anyone else. Then, keep it in a safe place.
  • Pro Tip: Use a password generator tool to create a strong password and then store it in a password manager like Dashlane!

If you’re a student, you can get a year of Dashlane Premium for FREE! Click here to learn more! 

Did you enjoy reading this guide? Go back to read Chapter 3: Doxxing and Chapter 4: Swatting