February 2, 2015

Think Twice About Your Password: Hacker Attacks and Loopholes

Think Twice About Your Password - Hacker Attacks and Loopholes
The most common security tip you’ll get from any web or PC expert is “Choose a strong password that you can remember while others can’t”. But, how strong is your password? Choosing an uncomplicated password makes your online security vulnerable. You may be using hundreds of online services like banking, shopping, and other web utilities, all of them must be password-protected. Although, the web services provide basic encryption methods to save your passwords, the chances of getting hacked is still higher. The web servers in big companies like Sony, Yahoo, Twitter, etc. have all faced this bitter situation. So, it is absolutely clear that hacker attacks and loopholes in hardware and software pose a great threat to your web identity.

Analyzing the real-world statistics, about 17% of all users employ real words or names as password. The largest password hacks in recent years include Sony PlayStation Network (77 million accounts), Evernote (50 million), Gamigo (8.24 million), LinkedIn (6.5 million), Yahoo (450,000), and Twitter (250,000 accounts). The hacked information consists of credit card details, username, email, addresses, encrypted passwords, and voice passwords.

Despite whether you change your password regularly or not, it doesn’t make any difference to forthcoming attacks from hackers. In this article, I’ll discuss about how hackers steal your password and the ways to protect it.

REMEMBER HACKERS ARE AS CLEVER AS YOU ARE

Underestimating a hacker’s ability and methods they chose to rob your password is the last thing you’d do and it is a complete folly. The web services offers you not more than a basic encryption to store passwords on their servers. The password crackers and brute-force-attacks are so powerful these days that, they oblige less than a minute to break or decrypt passwords no matter how long your password is. Most importantly, making use of one password for multiple passwords would be a terrible sin, and if the hacker cracks for one account, all the other accounts will be in danger.

Master Password Combination

The user security analyst at PayPal, Markus Jakobsson told an easily employable password strategy which says that, “Combine a master password with a page-specific password”. For instance,

  • The master password would be for example, Ms45& (containing no personal data), with a character chain that is unique for each website.
  • So, for your Twitter or Facebook account, you could possibly add a hexadecimal code for the color of the banner or background “3C4990”.
  • Avoid predictable characters like your nickname, surname or name of the site, etc.
  • If possible, note-down the site-specific password parts for quick remembrance, but not with the master password part.
  • Be creative in choosing the security question for password recovery, in case you forgot.
  • Create one email address for password recovery for alternative purpose, and could be better if you create exclusively for this one reason.
  • The worst-case scenario would occur when the hacker cracks the alternative email address and cracks the chain reaction. So, be careful in protecting the alternative email address as well.

The Most Common Passwords:

password    abc123    dragon    123456    batman    michael starwars    taylor    daniel    computer password@123    helloworld 696969    letmein    monkey    sunshine    654321    ashley qwerty    devil    chritmas    iloveyou    trustno1    football

EMAIL: TWO-LAYER AUTHENTICATION:

Two-factor or Two-layer authentication is currently supported by only a few email services like Google and Yahoo and others failed to provide this second level of security for several reasons. You have to authenticate yourself with an eight-digit long numerical code in addition to typing in the actual password, which can be received either via SMS or Mobile App. If someone knows your password and tries to log-in from another unknown device, you will receive an SMS alerting you. And, thus you can immediately change your password, considering it as a danger signal.

GMAIL -> Click on the Username -> Account -> Security -> 2-step Authentication -> Edit

Gmail's Two Step Authentication

Many if you feel this two-layer authentication a bit hassle, but more than the comfort zone, it is the identity which you want to protect and that’s the only thing you need finally. If you are a complete lazy person, then a more comfy solution would be using a password-safe site such as LastPass, which stores your login data in a 256-bit powerful encryption algorithm and master password-protected online storage. It automatically fills in the log in fields using synchronized browser plug-ins and apps through any device.


There are two significant advantages of using this kind of password-manager:
  • You don’t need to remember the passwords anymore, and
  • Keyloggers or Trojans cannot record password entries from the keyboard.
But, once the hacker or anyone who knows your master password, either from your PC or from the server of the service, the resultant would be terrible to imagine. All your login data will be accessible easily than ever.

SMARTPHONE AUTHENTICATION:

Apple has recently launched the FINGERPRINT AUTHENTICATION in its latest edition – iPhone 5S. Although, the longevity and performance will be tested in the coming days, but the point is if the fingerprint authentication would become stable, then your mobile device will be more secure than ever. The fingerprint scanners have been present on notebooks, keyboards, or external USB scanners for many years. But when it comes to mobile devices, Apple iPhone takes charge as the first mobile device with the fingerprint authentication. It stores passwords, documents or images in an encrypted manner.

iPhone Fingerprint Authentication

Apart from the new fingerprint authentication process, most mobile devices offer the basic lock code, PIN or pattern for the device as well as SIM card, which are simple to handle, and therefore dangerous. Hackers can even reproduce lockscreen patterns using the fingerprints on the display which also makes a security concern.

Microsoft introduced a new protection feature in Windows 8 OS mobile devices, in which you can MAKE IMAGES AS PASSWORDS. You have to make a gesture on an image, say a point, a circle or a line between two image elements. The gestures are as secure as complex passwords and can be entered on touch devices quite easily. But, according to some security analysts, these type of passwords are easily crackable, for several reasons.

Windows 8 -> Open Charms Bar [Win] + [C] -> Settings -> PC Settings -> User -> Create a Windows password -> Click on “Generate Image Code”

Android 4.0 and above Smartphones could unlock using FACIAL RECOGNITION, also known as “Face-Unlock” function. It requires a number of attempts like blinking an eye, etc. but is powerful and secure than other unlocking features.

WINDOWS: A VIRTUAL KEY PASSWORD

You could use a USB stick as a virtual key instead of entering it via a keyboard. Microsoft has been offering an incorporated solution for this purpose since Windows Vista. With BitLocker Drive Encryption, choose a partition with your data and protect it by using a PIN code or USB stick. Once the process is complete, the USB stick with receive a file with the key, which unlocks the drive as soon as you begin the computer. You can set-up this at,

Control Panel -> System and Security -> BitLocker drive level encryption -> Turn on BitLocker

Windows BitLocker Drive Encryption

Finally, summing up all the above things, one should create a complex password following all the above said things which cannot be concealed by hackers or other intruders. If you have any suggestions, please make them in the below comment box.
Share this post
  • Share to Facebook
  • Share to Twitter
  • Share to Google+
  • Share to Stumble Upon
  • Share to Evernote
  • Share to Blogger
  • Share to Email
  • Share to Yahoo Messenger
  • More...

0 comments

 
© 2011 Secure PC - Unlock Your System Protection
Posts RSSComments RSS
Back to top