All that stands between a hacker and your sensitive information is one puny password. You may think that your password is uncrackable because it has served you well all these years, but the reality of the situation is that an experienced hacker can break almost any password. Here are the most popular methods.
One reason why you don't want to use simple words when creating a password is because several hackers use software that automatically tries the most commonly used passwords (like "password"), and there are additional hacking programs that can quickly try all the words in the dictionary.
Brute Force Attack
A brute force attack is like a dictionary attack taken to the next level because it goes beyond known and popular words by trying every possible alpha-numeric combination possible, like "aaa1" all the way to "zzz10". To help clarify what you're likely envisioning, attacks like this don't equate to a shady dude sitting at a computer going down a list and entering in the every potential password one at a time. Instead, hackers employ advanced tools that can plug in thousands, millions, or even billions of word combinations per second.
In fact, in brute force attacks, hackers are only limited by their computers' processing power. For example, a hacker using a single graphics processor like a high performance AMD Radeon HD7970, along with an advanced password-cracking algorithm can try 8.2 billion password combinations per second (and that's just with one computer). If a hacker installed a couple extra GPUS then they can increase their speeds by up to three times.
A hacker attempting to guess a user's password is likely not a malicious hacking group working remotely with powerful software, instead, a hacker trying the guessing method is typically somebody that knows you well enough to try plugging in the names of your kids and pets into the password form. Don't underestimate your "friends". Getting hacked by someone you know can be just as destructive as getting hacked by an anonymous user on the web, except it's worse because you will feel the pain that comes with betrayal.
A hacker is able to remove the guess work by employing a method called social engineering. This is where a hacker will resort to trickery to get the password from an unsuspecting user. One example of social engineering is when a hacker calls your company posing as your IT service provider and asks you for your password. At Palindrome Consulting, we would never call you out of the blue just to ask for your password, and we strive to maintain a strong working relationship with our clients so that you will know for sure it's us calling you. If you're not sure it's us on the line, you can ask specific questions that only we would know the answer to.
Beware of entering your password with someone looking over your shoulder. This is more of a threat for companies that have several employees wearing uniforms. Working in these companies are used to seeing coworkers walk around the office that they may have never seen before. Surfers can obtain passwords in more ways than just looking over your shoulders; they can also rummage through your desk and find the piece of paper that has all your passwords written down on it.
Fortunately, hackers primarily target accounts with weak security or users that aren't careful with keeping track of their passwords. You can protect your accounts by implementing solid strategies to protect your network's security, and by coupling it with the latest and greatest security solutions available.
One comprehensive security solution that Palindrome Consulting offers is our Unified Threat Management (UTM) tool that covers all of your network security bases. Even if you engage a UTM solution, you will still want to educate your employees on solid practices like how to store passwords digitally instead of using Post-it notes. To learn more about UTM, best practices in password creation, and network security, give us a call at 305-944-7300.