If you want to protect your data and accounts, you really have to think like the enemy…
There’s no doubt about it: hacking is on the increase. According to Symantec’s annual Internet Security Threat study, there were nearly a million new malware threats released every day in 2014 – from viruses and spyware to trojan horses and other malicious programs. While ransomware attacks – where access to a computer is restricted by hackers until a fee is paid – increased by 113 percent.
And it costs us all money: McKinsey & Company estimates that cyber attacks will slow the pace of technology and business innovation over the next few years and cost the economy as much as $3 trillion annually.
So defeating the cyber criminals should be a priority for all of us. To do that, however, we have to get into the mind of the hacker – to analyse the security gaps they’re looking for. And understand that, in terms of passwords, they’re desperately hoping we’ve picked up some bad habits. Such as…
- We’ve gone “short & simple”
They’re easier to remember, perhaps, but in terms of data security, a short and simple password is also far easier to hack with what are called brute-force attacks – where all possible keys or passwords are tried until the correct one is found. The key is build what is called ‘entropy’ by choosing passwords with more than eight characters and adding “special characters” (such as capital letters, symbols etc). Or better still, a truly random password – something that, of course, Dashlane can help you with…
- We let our fingers do the walking
A recent investigation of 15 million accounts by hosting platform WP Engine revealed an odd habit – that while many people had seemingly random passwords (such as “qaz2ws” or “adgjmptw”), they’d chosen them by typing simple patterns on their keyboards. But beware: password crackers such as Passpat use keyboard layouts and clever algorithms to measure the likelihood that a password is made from a keyboard pattern.
- We’ve left clues everywhere
Being sentimental old fools, we’re very likely to create passwords from details of our own lives – such as our birthdates, pets, mother’s maiden name, favorite football team and so on. However, this leaves us vulnerable to what’s called social engineering, where many of these details are also available on social media (e.g. Facebook). This makes it simple for hackers to sift through these biographical clues and work out the ‘base phrase’ that you’ve based password on – and then gain access via what is called a dictionary attack. Only random words – or, better still, randomly generated alphanumeric sequences – are truly safe enough.
- We think we’ve been clever
Many of us attempt to build entropy by choosing a simple phrase – and then complicating it by using a combination of upper and lower case letters or tran5p05ing numb3r5 f0r l3tt3r5. But analysts found that even supposedly sophisticated passwords used obvious base phrases such as “password” or “qwerty” as their base. Which is all hackers need. Purpose-built password-breaking software such as HashCat is capable of taking 300,000 guesses at your password a second – by taking common base phrases like these and trying obvious variations and permutations.
- We happily use public WiFi
Jumping on the free WiFi connection your local coffee shop, at the airport or even in your building seems innocuous – but it can leave you vulnerable to a method of hacking known as a man-in-the-middle attack. In simple terms, this is a situation where a malicious eavesdropper (the “man in the middle”) is able to read (or write) data that is being transmitted between you and the website you’re browsing. Meaning your data, emails and keystrokes could be intercepted without you knowing. Eliminate the risk of this by avoiding Wi-Fi connections that aren’t yours and deleting these networks from your devices – but also make sure your Wi-Fi connection is secured with a unique, private password.
- We’ve never deleted our old login emails
On average, we each now possess more than eighty different password-protected accounts – everything from social networking to home deliveries. So it’s understandable that many of these login details will still be stored on your main email account in the form of the signup emails you were sent when you joined. But what happens if that email is compromised? For the hacker, your email is a goldmine. Services like Unroll.me will quickly identify unwanted subscriptions and unsubscribe you from dormant accounts.