By Jairo Romero
Whether we are happy about it or not, passwords are going to be around for a long time. They are cheap to deploy but also act as the first line of defense in a security arsenal.
Cybercriminals are constantly on the hunt to steal passwords from anyone in any organization. Nothing restricts a cybercriminal from attempting an attack on an organization. You might think that your organization is small, or that you are just a single person with no business, so why would they go after you? And how could they possibly reach you for an attack?
Here’s how: Cybercriminals simply deploy computer software called “bots” onto the internet. These bots have one job: search and find. Days go by and you then find yourself surfing the internet or checking email when an ad for a great item on Amazon catches your interest. To view it, you need to log into your Amazon account. You log in and purchase the item. Well, just like that, your password has been compromised and your Amazon account breached.
The thief may not use your data right away, but once a cybercriminal has hold of thousands of passwords, they will sell the lot on the Dark Web. The Dark Web is part of the internet where cybercriminals make their living. It’s not visible to search engines and can only be accessed with an anonymizing browser called Tor.
Although cybercriminals have several password-hacking tactics at their disposal, many are time-consuming. Buying passwords on the Dark Web is a quick, easy, and convenient way to collect login credentials and passwords. They may use the information themselves to hack your system, ransom your data, or to access your (or your clients’) PII. Or they may resell it; there’s a lot of money to be made buying and selling passwords on the black market. If you’ve been using the same password for many years, chances are it’s out there on the Dark Web for sale.
Users can protect themselves by using password combinations that keep unauthorized users out of their accounts. This means creating pass-“words” using a mix of letters (upper and lower case), numbers, and symbols that have no ties to your personal information (such as birthdays or names of pets or family members), and no dictionary words (words like Giraffe or Vehicle will be cracked instantly). It’s also critical that you use a password manager instead of saving passwords to your device.
Stay away from the obvious. Spice up your password game and steer clear of those boring and predictable choices like 1234 or “password”!😊
Password Security and Management Tips
- Ensure a strong, unique password is set for all accounts.
- Use a combination of upper- and lower-case letters, numbers, and symbols in passwords.
- Use easy-to-remember passphrases of at least 14 characters rather than passwords.
- Never reuse passwords on multiple accounts.
- Don’t use information in passwords that can be found in social media profiles (DOB, spouse or pet name, etc.) or is known to others.
- Ensure 2-factor authentication is set up, especially for accounts containing sensitive data.
- Use a secure password generator to generate random strings of characters.
- Avoid using dictionary words and commonly used passwords.
- Use a password manager for creating and securely storing strong passwords and set a long and complex passphrase for your password vault.
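The tips above can be turned into an automated check. The following is an added example, not part of the original article: `check_password` and `generate_passphrase` are hypothetical names, and the word lists are small constructed samples standing in for a real breached-password list and dictionary.

```python
import re
import secrets

# Constructed sample data; a real check would load a full breached-password
# list and dictionary, and a real generator a word list of several thousand words.
COMMON = {"1234", "password", "123456", "qwerty", "letmein"}
DICTIONARY = {"giraffe", "vehicle", "password", "summer", "dragon"}
WORDLIST = ["copper", "lantern", "orbit", "velvet", "thistle", "harbor",
            "mosaic", "quartz", "ember", "willow", "falcon", "pepper"]
MIN_LENGTH = 14  # minimum length from the tips list

def check_password(candidate, personal_info=()):
    """Return the list of tips the candidate violates (empty list = passes)."""
    problems = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 14 characters")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, candidate) for c in classes):
        problems.append("missing upper case, lower case, number or symbol")
    if lowered in COMMON:
        problems.append("commonly used password")
    # Strip digits and symbols so "Giraffe1!" still counts as a dictionary word.
    if re.sub(r"[^a-z]", "", lowered) in DICTIONARY:
        problems.append("dictionary word")
    # Compare against personal details (names, dates) with punctuation removed.
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in squeezed:
            problems.append("contains personal information")
            break
    return problems

def generate_passphrase(words=4):
    """Build a random passphrase using the OS CSPRNG via the secrets module."""
    if words < 3:
        raise ValueError("use at least 3 words to reach 14 characters")
    parts = [secrets.choice(WORDLIST).capitalize() for _ in range(words)]
    # Two random digits appended so every character class is present.
    return "-".join(parts) + str(secrets.randbelow(90) + 10)

if __name__ == "__main__":
    for pw in ["password", "Giraffe1!", generate_passphrase()]:
        print(repr(pw), "->", check_password(pw) or "passes all checks")
```

Each account still needs its own generated value; the checker cannot detect reuse across sites, which is what the password manager tip covers.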