Password security
Credit to Wilson Wong

Password security or protection is a security measure that is used for protecting any information that is accessible from computers from unauthorized personnel. The goal is to restrict any unauthorized person from having access to the system with a view to ensuring the security of the information and reducing its susceptibility to alteration or misuse.

In essence, when you password protect a computer system, anybody without knowledge of your password will not have access to that system. This is the first step towards IT security because it is the first form of defense against both internal and external intruders that may have the goal of attacking the system via the Internet.


Types of password attacks

Despite your best efforts at providing adequate security for your computer system and the valuable information safely kept in it, hardened cyber criminals will make an attempt at breaching your security by using any of these techniques:

 1. Brute force

This is the most notorious and one of the most successful password attack techniques. A hacker that is hell bent on having his or her way will use a computer script or program to try to gain access to your computer by using a combination of passwords. The hacker will launch his first attacks on simple and easy-to-guess passwords.

If that doesn’t work, he progresses to more difficult passwords by trying all the possible alpha-numeric password combinations, starting with aaa1 and working through to zzz10. Think about this: if you are working in a company and a hacker has your company list, he can use the list to guess usernames and passwords.

Therefore, if you are working in an environment where the Internet is hugely used, you are at the risk of attack.

 2. Dictionary attack

Hackers are conscious of our laziness when it comes to choosing a password for a computer system. They try to exploit this laziness when launching a dictionary attack. The hacker will use a script or program to launch his attack by working on all the common English words to gain access to your system.

This is Wikipedia’s definition of dictionary attack: “… a dictionary attack tries only those possibilities which are most likely to succeed typically derived from a list of words, for example, a dictionary (hence the phrase dictionary attack). Generally, dictionary attacks succeed because many people tend to choose passwords which are short (7 characters or fewer), such as single words found in dictionaries or simple, easily predicted variations on words, such as appending a digit.”

If your password is made up of simple English words, the attacker will gain access to your system in a couple of minutes. That’s how powerful the dictionary attack is. However, even if your password is difficult, that is not a 100% guarantee that you are not vulnerable to attack.
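The weaknesses named in the brute force and dictionary attack sections above can be checked on the defender's side before a password is accepted. The following is an added example, not part of the original article: the function names, the tiny sample wordlist and the 50-bit threshold are assumptions chosen for illustration.

```python
import math
import re
import string

# Constructed sample wordlist; a real check would load a large dictionary
# or a list of known-breached passwords.
SAMPLE_WORDS = {"password", "dragon", "monkey", "summer", "welcome", "letmein"}

MIN_BITS = 50  # assumed policy threshold for the exhaustive-search estimate


def charset_size(pw):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return size


def brute_force_bits(pw):
    """log2 of the number of candidates of this length over that alphabet."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def audit_password(pw, words=SAMPLE_WORDS):
    """Return the list of weaknesses found; an empty list means none matched."""
    findings = []
    if len(pw) <= 7:  # "short (7 characters or fewer)"
        findings.append("short")
    # Strip trailing digits and symbols to catch "word plus appended digit".
    base = re.sub(r"[\d\W_]+$", "", pw.lower())
    if pw.lower() in words:
        findings.append("dictionary-word")
    elif base in words:
        findings.append("dictionary-word-plus-suffix")
    if brute_force_bits(pw) < MIN_BITS:
        findings.append("small-search-space")
    return findings
```

A password such as `Welcome2024!` passes the length and search-space checks yet is still flagged, because it is a dictionary word with a predictable suffix.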

3. Key logger attack 

The key logger attack is a bit different from the other password attack techniques discussed above. When launching a key logger attack, the hacker will track all your keystrokes with malicious software or a virus that you are tricked into downloading as a harmless file that is carefully embedded in your email.

Since all your keystrokes are tracked and recorded, the hacker will have free access to your login ID and password. You can’t predict the next line of action of the hacker after getting the information he is after.

4. Phishing

Phishing is the new poster boy of password attack. Through a seemingly harmless email, you will be directed to another seemingly genuine but fake website where your login details will be requested.

To make this attack technique successful, the hackers usually fake online banking and payment systems or other sites where your password will be required. If you ignorantly submit the passwords, consider yourself hacked. Rather than going through the stress of hacking your password, the hacker will trick you into willingly revealing such sensitive information. That makes it easy for him to have a go at attacking you.

5. Social engineering attack

This is the favorite attack technique of some daredevil cyber criminals. It is the technique used by cyber criminals to trick innocent people into divulging their sensitive information by taking advantage of human-to-human relationships and interaction. They carry out this attack by using these simple techniques:

i. The attacker may give you a call purportedly from your IT company asking for your password for some verification process during a phony maintenance process. If you are gullible enough to fall for their scheme, you have exposed yourself to attack.

 ii. Some hackers have so much confidence that they will don a suit and a badge and walk directly to the receptionist of a company and directly ask for the password to the company’s access network under some crazy disguise.

iii. In some cases, the hackers will get all the necessary information by putting a call or two across to your vendor. Funny enough, you can’t guarantee that your vendors won’t release the information. If you doubt that, read the heart-rending account of how a man had his digital life completely wiped off with just two calls to Apple and Amazon. Yeah, you read that right: the tech giant, Apple, and the reputable online store, Amazon.

It is quite surprising that many people have fallen for these gimmicks and that has led to compromising their personal or business account with an amazing degree of success.


Common mistakes by users

Some simple and seemingly harmless mistakes can cause a serious breach of your IT security. Most of the time, these mistakes are accidental and often overlooked as unimportant. Yet, they can cause you serious cyber security risk if you commit them.

Without a doubt, committing any of the common mistakes discussed below can put you in a serious security breach that can have a direct negative impact on you:

i. Device loss or theft: Losing your device accidentally or through theft increases your risk of a security breach by 3.3%. In some studies, it was claimed that the risk of a security breach may be increased by as much as 15.3%. Either way, your chances of losing your security increase if you lose your device or it is stolen. The thief can go through your messages, files, images, documents, videos, or business files to gather relevant information about you. He can use the information garnered through this means to breach your security.

ii. Document errors: Errors stemming from documents rank high among the most common mistakes made by users that can lead to a serious data breach. Some typical examples of such errors include sending sensitive information to the wrong recipient, accidentally publishing your private information to a public web server, or carelessly disposing of your confidential work information, and other related errors. If you commit any of these errors, your exposure to identity theft increases. Hackers can steal your information and use it as an asset to either blackmail you or use it for a direct attack on you.

iii. Internet spyware: A little over 50% of all cases of security breaches occur through employees abusing access privileges, according to a study. When clicking pop-up adverts or downloading software, any accidental click on malicious spyware or downloading malicious software will give hackers the information they are after. That exposes the company to cyber-attacks.

iv. Enabling password reminder on your browser: Some people make the mistake of giving their browser the permission to save their password to make logging into their account easier in the future. Well, if you have the habit of giving this permission whenever you visit a site, you are committing a blunder that can cost you your information. Some hackers can easily get your password from the browser and use it for whatever purpose suits them. I am sure the purpose won’t suit you.

Watch out for these blunders and try to avoid them at all costs. Otherwise, you run the risk of accidentally providing your sensitive information to criminals that cannot be trusted with a piece of information of that level of confidentiality.


How to protect yourself from password breach?

While it is true that hackers can come up with different means of breaching your password security measures, there are tons of practical tips that will keep hackers at bay or reduce their impact to a reasonable level. Consider applying these tips to protect your computer and see your security measures receive a massive boost:

i. Install anti-virus software: This is an efficient technique that works to reduce any cyber-attack via a virus and other related harmful computer programs. For instance, cyber-attacks like a keystroke logger can be prevented through the intervention of the anti-virus software against downloading such harmful programs to your system.

ii. Don’t click links indiscriminately: Phishing attacks are done by embedding links to harmful websites in an email message. Clicking such a link exposes you to the danger of cyber-attack. If you cultivate the habit of not clicking any link that is attached to your mail, you can reduce your exposure to attacks via a phishing email. The simple rule is that if you have an iota of doubt about the authenticity of a link, obey your instinct. Don’t click it.

iii. Restrict access to your system: Ensure that your computer system is not accessible to every Tom, Dick, and Harry. Restrict access to your system to people you can trust with your life. That will reduce the risk of having your password bypassed. If you can’t account for those who visit your system, you can’t pinpoint the last user or whoever has a secret plan of harming you. That may jeopardize your security measures.

iv. Don’t visit any website you don’t trust: If you receive a mail directing you to another website, trust your instinct. And if you accidentally click the link, don’t give your confidential information on request. No serious-minded financial institution or company will request your sensitive information online. The common practice is to contact you in person if such information is really needed.

v. Don’t share your password: Sharing your password with other people increases the chances of the password getting to someone without the best intentions for you. What is more, it can be very challenging to know who to trust and who doesn’t deserve your trust. If you don’t know who to trust, you should keep your password to yourself, and not give it to anyone else, just as you can’t give your home key to someone you hardly know. You need discretion here. That will save you from heartbreak.

Although there are different ways hackers can attack you and trick you into giving them your confidential information, you can still wage a good war against them. These simple but effective security tips will help reinforce your security and reduce your exposure to attacks from the cyber world.
