Cybersecurity: How Passwords Are Being Broken

Throughout the whole month of January, The Fintech Times will explore every dimension of one of the industry’s most pressing topics: cybersecurity.

As we head into the final phase of our cybersecurity coverage, this week we’ll investigate the backbone of the practice itself – passwords.

Passwords form the basis of everyday cybersecurity, and are the primary line of defense between personal and sensitive data and the claws of cybercriminals. In this week’s coverage of the topic, we’ll look at the relationship between biometrics and passwords, the future of the password industry and how you can better manage your passwords.

But before we move on to those topics, we should start today from the beginning, with how passwords are cracked.

How are passwords cracked?

Jason Dowzell, CEO and co-founder of software development company Natural HR

“Password attacks are a common form of personal data breach, in which hackers compromise passwords in order to gain access to systems, networks, or physical locations, or for financial gain,” explains Jason Dowzell, CEO and co-founder of Natural HR. “Research has found that 81 percent of data breaches in 2020 were due to login credentials being compromised.”

Owing to advances in technology, the techniques used to crack passwords are becoming increasingly complex, keeping pace with cybersecurity innovation. And while the arsenal used by cybercriminals is more comprehensive than ever, recent data has highlighted the prevalence of some techniques over others.

Therese Schachner, Cyber Security Consultant at VPN Brains

Namely, phishing attacks, which 75 percent of businesses experienced at some point during 2020, are becoming hugely favored. “Phishing is the use of deception in e-mail or other electronic means to obtain private information, such as passwords, from users,” comments Therese Schachner, cyber security consultant at VPN Brains. “An example of phishing is an attacker sending an email or creating a web page, impersonating a known brand and asking users to log into their accounts, with an incentive like a big sale. Unsuspecting users who enter their login information send their passwords and other login credentials to the attacker.”

As one of the major byproducts of the pandemic, more and more consumers and businesses are developing a broader online footprint while embracing the daily use of technology. However, the downside to this progress is that an increasing number of users are also becoming more vulnerable to these types of attacks, especially given the continuing spread of remote corporate teams.

As Dowzell explains, dodgy emails open the door to cybercriminals, while also compromising password security: “Phishing typically takes the form of an email, perhaps from an IT department, a senior manager or email provider, and asks everyone to reset their passwords and click the link to do so. These links often lead users to fake password-reset pages in the hope that users will voluntarily reveal the password.”

Apart from email-based attacks, cybercriminals also use software running on the victim’s own machine to get around password protection. This type of software is known as malware, and it comes in many different forms. Viruses, worms, rootkits and ransomware are common forms of malware and, as Schachner explains, so are keyloggers and Trojans: “Attackers use keyloggers to secretly log and exfiltrate the keys that users type on their keyboards, including passwords that users type while logging into their account. Another type of malware is Remote Access Trojans (RATs), which allow attackers to gain secret remote access, with administrative privileges, to a computer. With RATs, attackers can extract saved and cached passwords and capture screenshots of the login pages where users entered their credentials.”

Schachner goes on to describe other techniques used to bypass passwords, including the use of cracking tools: “Password crackers test large amounts of common passwords and passwords that have been leaked, as well as variations and combinations of them, to guess the correct passwords. With these tools, attackers can make informed guesses at passwords in an efficient manner.

“An example of one of these tools is Hashcat, which calculates the hash, or the value representing a string of characters, for each password the attacker guesses. Then Hashcat compares each hash to the known hash of the correct password in order to determine whether the guessed password is correct.”

The wider picture

Although we have considered quite a few malicious practices used to crack passwords, the broader attitude towards passwords and password management may also contribute to their weaknesses. For anyone who has used a password before, the difficulty of remembering it will be a familiar sensation. Although many sites recommend using uppercase and special characters for password strength, this approach can also undermine it. “Many companies have strict policies for changing passwords every 30, 60 or 90 days, which actually leads to poor security,” Dowzell explains. “Employees have countless passwords to remember, and forcing them to change these at regular intervals results in poor security hygiene as they type them or make them as easy to remember as possible.

“As such, many fall back on bad practices and use simple passwords like ‘123456’, ‘qwerty’ or even ‘password’ across multiple systems and accounts. Ultimately, this makes it easier for cybercriminals to crack passwords and access data or systems that they shouldn’t.”

James Burr, Director, Bores Consultancy

But in light of that, James Burr, Director of Bores Consultancy, points to poor security at the sites that hold passwords as a major factor in password compromise: “Passwords are generally now compromised through cases of password reuse and site hacking. If you use a password on a banking site, and in a small online store, then if the online store is hacked (and has poor security practices), the password and the associated email address are now effectively public knowledge. Of course, there are also comprehensive dictionaries for common passwords used in brute force attacks, and rainbow tables are used to retrieve hashed passwords from hacked sites, but reuse is how the vast majority of passwords are cracked.”

The bottom line

Although password management is an area that is set to be explored later this week, it is still worth mentioning some remedies that can be put in place to prevent the development of these malicious methods.

As Dowzell explains, the best offense is a good defense, which can include general education, greater caution online and, of course, the use of more complex passwords: “Employees should be encouraged to exercise caution, avoid clicking on any links from unknown senders and question even a known sender if the email is suspicious. As a result, training employees in what constitutes a strong password, how to practice good password hygiene, and how to identify security threats or phishing attempts is critical.

“Passwords should be created with length in mind (the longer, the better!), rather than complexity (including uppercase and lowercase letters, numbers and special characters) to make them more difficult to crack.”
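A screening check a service could run when a password is set, combining Schachner's point that guessing tools try common passwords plus variations and combinations of them with Dowzell's advice to favor length. This is an added example, not code from the article or the people quoted; the sample list, both thresholds and the function names are assumptions.

```python
# Added example: screen a new password the way a guessing tool would see it.
COMMON = {"123456", "qwerty", "password", "letmein", "welcome"}  # constructed sample list
MIN_LENGTH = 14    # assumed policy value
MIN_RESIDUAL = 8   # assumed: characters that must remain after removing common words

# Undo the character swaps that guessing tools try as "variations".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def residual_length(lowered):
    """Fewest characters left once common passwords are cut out of the input."""
    best = len(lowered)
    for form in (lowered, lowered.translate(LEET)):
        # Remove longer list entries first so shorter ones cannot split them.
        for word in sorted(COMMON, key=len, reverse=True):
            form = form.replace(word, "")
        best = min(best, len(form))
    return best


def assess(password):
    """Return (accepted, reason); length is the only composition rule."""
    lowered = password.lower()
    rest = residual_length(lowered)
    if rest < len(lowered) and rest < MIN_RESIDUAL:
        return False, "common"   # a listed password, a variation or a combination
    if len(password) < MIN_LENGTH:
        return False, "short"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["123456", "P@ssw0rd!", "qwertypassword123",
                   "Tr0ub4dor&3", "correct horse battery staple"]:
        print(f"{sample!r}: {assess(sample)}")
```

A production deployment would load a large list of common and leaked passwords in place of the five-entry sample set.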

  • Tyler Smith

    Tyler is a junior fintech journalist with specific interests in online banking and emerging artificial intelligence technologies. He started his career writing for a large number of national and international publications.

  • Polly Jane Harrison

    Polly is a North Wales journalist, content creator and opinion-maker. She has written for a number of publications, usually hovering around the topics of fintech, technology, lifestyle and body positivity.
