Password Security: How Hackers Steal Data & Savvy Users Keep It Safe

October 30th, 2014

Digital security has never been more essential than it has been this year. Cyber crimes are becoming more creative and more devastating. Here are several examples of recent cyber criminal attacks:

  • Russian hackers stole 1.2 billion unique password and user name combinations.
  • Two US supermarkets announced they too had been hacked. Customers' credit card information was stolen from 180 stores across seven states.
  • Hackers targeted the healthcare industry. Over 200 hospitals across the US suffered from a major security breach. The criminals took 4.5 million patient records by exploiting a flaw in a system made vulnerable by the Heartbleed bug.

How Hackers Are Doing It

This latest generation of cyber thieves is spending time and energy creating more tools to carry out more attacks. Currently, the most newsworthy method is breaching the security of a major corporation or organization. Unfortunately, there's nothing that the average person can do to protect his or her information from this type of attack.

Hackers also steal their victims' information by cracking passwords. They do this by systematically running through every password possibility. Criminals can narrow down the search using known details about the password or user.

Another popular hacker trick is phishing, in which hackers pose as trustworthy companies to trick people into giving up their sensitive account information.

How Users Are Staying Safe

One effective way a user can stay safe from cyber attacks is to revisit password strategies. In order to properly use passwords, one must understand the concept of password strength. IT professionals evaluate the durability of a password by classifying it in terms of bits. In short, the more bits a password has, the stronger it is. The use of symbols, numbers, and case-sensitive letters can substantially improve password strength. A single strong password isn't enough protection, however; the best strategy is to use a unique strong password for every account.

Password Managers

Password managers offer a convenient solution for the handling of complex passwords. These applications typically provide features for the generation and storage of passwords. Many password managers also provide automatic password auditing to identify weak or shared passwords. Some even issue alerts in the event that a password is compromised.
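The sketch below is an added example, not code from this article or from any particular password manager. It ties the "bits" measure of password strength to the generation and auditing features described above. The 60-bit threshold, the account names and the sample passwords are constructed assumptions.

```python
import math
import secrets
import string
from collections import defaultdict

# Character classes the article mentions: symbols, numbers, case-sensitive letters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def strength_bits(password):
    """Upper-bound strength in bits: length * log2(size of character pool used).

    Assumes every character was picked at random; a human-chosen or
    dictionary-based password is weaker than this figure suggests.
    """
    pool = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def generate(length=16):
    """Random password drawing on all four classes, using the OS CSPRNG."""
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in c for ch in pw) for c in CLASSES):
            return pw


def audit(vault, min_bits=60):
    """Return (weak, shared): accounts under min_bits, and groups reusing a password."""
    weak = sorted(a for a, pw in vault.items() if strength_bits(pw) < min_bits)
    by_pw = defaultdict(list)
    for account, pw in vault.items():
        by_pw[pw].append(account)
    shared = sorted(sorted(accts) for accts in by_pw.values() if len(accts) > 1)
    return weak, shared


if __name__ == "__main__":
    # Constructed sample vault; account names and passwords are made up.
    vault = {"bank": "sunshine", "email": "sunshine",
             "forum": "Tr0ub4dor", "shop": generate()}
    for account, pw in vault.items():
        print(f"{account:6} {strength_bits(pw):6.1f} bits")
    print(audit(vault))
```

The bit count is an upper bound: "sunshine" scores about 37.6 bits here, yet as a common word it falls far sooner to an attacker who narrows the search with a word list.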

Multi-Factor Authentication

Standard authentication, or logging in, relies on a username and password. If an attacker obtains the password associated with a username, they can easily compromise the related account. As its name suggests, multi-factor authentication (MFA) instead relies on multiple pieces of information, providing an added degree of protection.

Typically, MFA requires two pieces of information: something you know and something you have. For example, in order to access your bank account through an ATM, you need something you know (your PIN) and something you have (your card). Similarly, accessing an MFA-enabled account requires not only a password, but also interaction with something you have, such as a mobile phone or digital fob.