Have you fallen for any of these?
Passwords are the initial gatekeepers to your online privacy. If you are like most of us, you probably are sick and tired of hearing about password security. That demand every three months from your financial institution that you reset your password is SUCH an annoyance. So why the concern about password safety?
Some of your passwords protect access to sites you might consider full of relatively benign information, such as social media sites, but those sites actually contain a lot of information useful for identity theft. And of course, passwords restrict access to important information that every cybercriminal is interested in: your financial data. The same goes for the accounts you use to pay your utilities online, since a utility bill is often a required piece of documentation when taking out loans. So let’s look more closely at password security.
Passwords can be stolen in a number of ways.
- Viruses that are downloaded from a phishing email or a visit to a corrupted website may allow the tracking of keystrokes. Very shortly, the hacker has identified the login and password information to almost every site you visit. These types of malware are especially insidious as they lurk in the background and don’t provide the user any identifiable hint that they are on the computer.
- Similar to the above are password-stealing trojans that take advantage of web browsers that have auto-fill capabilities. This refers to a browser’s feature that offers to remember your login information for every website you visit and auto-fill it when you return, saving you the nuisance of finding and re-entering the info each time.
- Passwords can also be “guessed.” Password crackers use tools that try to break the password by brute force, essentially running combinations of characters until they hit the right one.
- Then there is always laxness on the part of the user. You may rarely change your password or, for convenience, use the same password for all of your accounts. At work, you may leave a page open on a shared computer or give a password to a trusted colleague for the convenience of not having to log in again and again on a shared computer. This can be remedied with a password manager, which helps store complex, unique passwords for each site you visit.
- Phishing is one of the most popular and successful tools out there. Using social engineering, attackers trick the user into thinking they are getting a request from a legitimate site, a vendor they have used, etc. There is a link to a fraudulent website that is almost identical to the real one and it asks for a password. Or else there is a link available that, once opened…that cat is out of the bag.
Consider a regular security awareness program for your employees that includes periodic training and simulated phishing to provide regular reminders of good password hygiene.