Every year, on the first Thursday in May, World Password Day is celebrated, and this year it is even more relevant than ever. Many users mistakenly believe that cybercriminals have an interest in them as a person or in their credentials or computer but it is more an interest in them as access to a company’s network. For this reason, it is important to remind people of the importance of cybersecurity education and the effective use of passwords.
Remote work is increasing significantly, so does the potential for security breaches in a company, and it is for this reason that the robustness and strength of passwords are more important than ever. Passwords remain the most widely used security measure to protect personal data or to allow access to a service, both personally and professionally, and therefore an obvious target for cybercriminals. Check Point Software would like to warn about the main tactics used to steal passwords and provide the necessary advice to prevent a person or company from becoming a victim:
- Phishing attack: This method has become one of the most widely used tools for stealing passwords and usernames. It works in a simple way: An email is sent that appears to come from trusted sources, such as banks, delivery companies, etc. but in reality it aims to manipulate the recipient to steal their confidential information and credentials. One of the best ways to prevent damage from stolen credentials is to enable two-factor authentication. This extra layer of security prompts the user to enter a second password, which is usually received via SMS. This prevents, access to an account even if a cyber criminal manages to get hold of a user’s credentials.
- Brute-force or dictionary hacking: This type of cyber-attack attempts to crack a password by repetition. The cybercriminals try different combinations at random, combining names, letters and numbers, until they come up with the right pattern. To prevent them from achieving their goal, it is essential to implement a complicated password, because time can be of the essence – if the criminals take too long to figure out a password for an account, they will most likely move on to the next one. To achieve this, it is necessary to leave out names, dates or very common words that can be found in any dictionary. Instead, it is best to create a unique password of at least eight characters combining letters (both upper and lower case), numbers and symbols.
- Keyloggers: These programs are able to record every keystroke on a computer and even what you see on the screen, and then sending all the recorded information (including passwords) to an external server. These cyber-attacks are usually part of some kind of malware already present on the computer. The worst thing about these attacks is that many people tend to use the same password and user-id for different accounts, and once one is breached, the cybercriminal gains access to all those who have the same password. To stop them, it is essential to use a single option for each of the different profiles. To do this, a password manager can be used, that allows both managing and generating different robust access combinations for each service based on the guidelines decided upon.
When it comes to ensuring the highest level of cybersecurity, having the most advanced technologies is just as important as preventing risks such as password theft. Both, phishing and keyloggers, are types of attacks that are used on hundreds of devices. This risk can be easily remedied by configuring varied and robust combinations of at least eight characters interspersed with letters, symbols and punctuation. This will make it much harder for cybercriminals to get hold of the passwords and ensure a high level of security across all computers – so make sure your first line of defense is as secure as possible.
This article is part of our World Password Day Special – read more about passwords here.