When you think of a serious security threat, you may think of some clever malicious program that steals your data or takes over your computer. In reality, you're just as (if not more) likely to be hit by a much simpler breach – a hacked password.
Once someone has your password for an online account, they can use it however they like. There are a number of methods commonly used to obtain a password, and knowing them can help you protect yourself.
Trying Common Passwords
Any hacker trying to break through a password will first try the most common passwords in the book. Silly though it may seem, a disturbingly large number of people rely on passwords that consist of just a few common numbers or letters. Even the word "password" is commonly used as a password.
Hackers know this, and can reference common passwords to try and gain entry. Though it won't work on most passwords, it works frequently enough to be worth a try. If successful, the hacker can lean back and sip his Mountain Dew.
How to Protect Yourself: This one is simple. Don't use common passwords. This includes single words, popular phrases, and simple combinations of a particular character type (like numbers). Even passwords like "superman" and "dragon" are common enough to earn mention in some studies of commonly used passwords.
If commonly used passwords don't work, and a hacker knows the owner of the password they're trying to bypass, social networking can be used to try and figure out what the password might be.
Hackers know that people who don't use common passwords are still likely to use passwords that have some personal significance. The password might be the name of a pet or a favorite TV show. Such information is often included on social networking profiles.
Should trying this tactic still not work, the information available on a social network can be used to construct phishing attacks. Perhaps the target lists that they play a popular online game. A fake email could then be sent asking for password information or linking to a site where password information must be entered.
How to Protect Yourself: There are two steps you can take here. One is to make your social network private to people who are not your friends, and the second is to make sure that you don't use information about your personal life to form a password.
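The two checks described so far (commonly used passwords, and passwords built from personal details), as an added Python example that is not part of the original article. The word list, the substitution table and the profile facts are constructed samples, and `check_password` is a hypothetical name.

```python
import re

# Constructed sample; a real check would load a much larger published list
# of commonly used passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "superman", "dragon", "letmein"}

# Character swaps that do not make a guessable word any harder to guess.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})

# Constructed example of details visible on a social networking profile.
PROFILE = ["Pet: Fluffy", "Favorite show: Doctor Who", "Born 1984"]


def deleet(text):
    """Lowercase the text and undo the simple substitutions above."""
    return text.lower().translate(LEET)


def core(password):
    """Drop trailing digits/symbols, then undo substitutions ('Dr4g0n99' -> 'dragon')."""
    return deleet(re.sub(r"[\W\d_]+$", "", password))


def check_password(password, profile_facts=()):
    """Return a list of reasons to reject the password; an empty list means none found."""
    reasons = []
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS or core(password) in COMMON_PASSWORDS:
        reasons.append("common password")
    if password.isdigit():
        reasons.append("digits only")
    # Profile words of four or more characters (the length cut-off is an assumption).
    tokens = {t for fact in profile_facts
              for t in re.findall(r"[a-z0-9]{4,}", fact.lower())}
    hits = sorted(t for t in tokens if t in lowered or t in deleet(lowered))
    if hits:
        reasons.append("contains profile detail: " + ", ".join(hits))
    return reasons


if __name__ == "__main__":
    for candidate in ["Dr4g0n99", "123456", "Fluffy2011", "mX7#qvT2!pLz9&Rk"]:
        print(candidate, "->", check_password(candidate, PROFILE) or "no findings")
```

An empty result only means none of these three checks fired; it is not a measure of strength.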
The Weakest Link
Should a hacker still fail to guess a password, they'll have to start breaking out some true hacking skill – but perhaps not much. Most people use the same password on multiple sites, and many use just one password for everything. Hackers know this, and they also know that many sites have weak security.
Using the information found while reviewing your social networking profiles, a hacker may be able to identify sites you visit. Some are sure to be heavily guarded. Others, however, probably aren't. They may be vulnerable to simple exploits that allow for the retrieval of stored passwords, and the owners may never even realize they were hacked. Alternatively, a brute force attack might be used.
How to Protect Yourself: Don't use a single password for every website. Ideally you should use a different password for every site, but that can be difficult. A compromise you might find effective is to use the same password for low security risks, like a blog you visit and comment on, but use unique passwords to protect more important accounts, like your web mail. Yet another option is to use a password manager.
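An added Python example (not from the original article) that audits a list of saved logins against the compromise described above: reuse among low-risk sites is tolerated, but an important account must not share its password with anything else. The account list, the sensitivity labels and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of saved logins: (site, password, sensitivity).
ACCOUNTS = [
    ("webmail.example", "T9!vq#Lm2x", "high"),
    ("bank.example", "T9!vq#Lm2x", "high"),
    ("blog.example", "commenter-pass", "low"),
    ("forum.example", "commenter-pass", "low"),
    ("shop.example", "commenter-pass", "high"),
    ("game.example", "k4Zp&8wQe1", "low"),
]


def audit_reuse(accounts):
    """Map each high-sensitivity site to the other sites that share its password."""
    groups = defaultdict(list)
    for site, password, level in accounts:
        groups[password].append((site, level))
    findings = {}
    for members in groups.values():
        if len(members) < 2:
            continue  # unique password, nothing to report
        for site, level in members:
            if level == "high":
                findings[site] = sorted(s for s, _ in members if s != site)
    return findings


def exposed_by_breach(accounts, breached_site):
    """List the other accounts that fall if breached_site leaks its stored password."""
    leaked = {pw for site, pw, _ in accounts if site == breached_site}
    return sorted(site for site, pw, _ in accounts
                  if pw in leaked and site != breached_site)


if __name__ == "__main__":
    for site, shared in sorted(audit_reuse(ACCOUNTS).items()):
        print(f"{site}: password also used on {', '.join(shared)}")
    print("If forum.example is breached:", exposed_by_breach(ACCOUNTS, "forum.example"))
```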
Sniffing Wi-Fi Packets
Open wireless networks can be a nasty security issue because they are – well – open. Information transmitted on them can be picked up by anyone within range of the network, and that includes passwords.
Wi-Fi sniffing can be utilized either personally or impersonally. If someone is trying to hack your passwords specifically, they might see if you frequently visit a place with open Wi-Fi, like a coffee shop. Or a hacker might just set up an operation in such a location and pick up as many passwords as possible.
How to Protect Yourself: One answer is to just not use open Wi-Fi, but that's not a realistic expectation for everyone. If you do use open Wi-Fi, make sure that you do not log in to sensitive accounts. If you have varied your passwords, you'll be safe if a hacker obtains your less sensitive passwords. Also use HTTPS whenever possible. Many sites can use it, but some offer it only as an option.
Like sniffing Wi-Fi, keylogging can be used personally or impersonally. Using information gained about you while attempting to guess your password, a hacker might find a way to send you a file that you think is legitimate but actually contains a keylogger. Once installed, it can detect your passwords as you enter them.
A keylogger can also be installed as a part of any piece of malware to hack passwords. The captured information can then be transmitted to a location where it is compiled and searched for passwords. Such wide-scale keylogging attacks don't focus on any particular person, but can be just as damaging.
How to Protect Yourself: Security software can help detect keyloggers and prevent them from being installed on your system. You can find effective solutions for free, so there's no reason to skip it.
Do you have any tips that can help beef up password security? Let us know in the comments. Makeuseof readers are likely to be a bit more security-aware than the average, but nobody is perfect. Sharing information can help us keep our passwords as strong as possible.