You may think you know who has your passwords, but chances are that you don’t. Not long ago, cybercrime focused on a short list of crimes.
Today, cyber criminals are stealing and selling much larger swaths of user data from hacked web services, including passwords, emails, and usernames. The spookiest part? Yours could be among them, and you wouldn’t even know it until it’s too late.
Today is May 7th, World Password Day. We’re going to take a quick look at passwords, where they end up, and why computer crooks want them. You can’t always prevent these hacks, but knowing how they occur is your first step toward prevention—and as the G.I. Joes say, “Knowing is half the battle.”
How Your Password Gets Stolen:
Brute-forcing — Websites with many users (anything from online retailers and message boards to social networks and email) store users’ passwords in cloud databases. After gaining access to company servers, crooks steal the database, break it open with a password cracker, and sell the credentials online. A long, strong password can help foil this method.
Network Sniffing — You know that free WiFi offered by the coffee shop, hotel, or bookstore? Unless you’re running traffic through a VPN, anything you send over the web (passwords, credit card numbers) can be, and is, pulled out of thin air by hackers.
Social Engineering — Social engineering is when you trick someone into doing something they normally wouldn’t want to do, like share their banking password with a bad guy. This can be achieved through phone calls, phishing emails, and more.
Malware — Viruses on your computer can capture everything you type, including your passwords, and send them straight to the criminals.
Where Your Passwords Go — Once cracked, the passwords are sold in online black markets. Even though the bidders know these passwords are mostly from non-financial sites, they also know that you’ve probably used that username and password on other sites. Perhaps a few. And that’s when the fun, for them at least, begins.
If you think nobody wants your passwords, keep reading. There is an extensive online market where millions of stolen passwords are auctioned off to the highest bidders. The most valuable are bank and financial logins, but even non-financial credentials have value.
What Can You Do?
You’ll never be able to protect yourself against all attacks, but you can maximize prevention and mitigate damage with a few simple practices.
Use a Password Manager — You’ve probably heard about these, and there’s a reason: you definitely should be using them. Password managers make long, unique passwords easy.
Change Your Passwords Often — We discover new password leaks every day, but often don’t know that passwords have been stolen until days, weeks, or months after the theft, if ever. It’s very possible that some of your passwords are for sale right now. Changing your passwords regularly, dull as it is, helps ensure that by the time someone gets hold of your password, it’s too late for them: you’ve already changed it.
Enable Two-Factor Authentication — Even if someone has your password, they still can’t get into your account without the second factor. Pretty cool, right?
Use different passwords for different accounts — Separate passwords for separate accounts prevent the overlap that allows a hacker to hop from one account to others.
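One way to check your own accounts against the advice above on long and separate passwords. This is an added example, not part of the original article. The function name audit, the 12-character threshold, and the sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

MIN_LENGTH = 12  # assumed threshold for "long"; the article gives no number


def audit(entries, min_length=MIN_LENGTH):
    """Audit (account, password) pairs; passwords never appear in the result.

    Returns a dict with:
      reused - sorted account lists that share one password
      short  - accounts whose password is shorter than min_length
      blast  - for each reusing account, the others exposed if it leaks
    """
    key = secrets.token_bytes(32)  # per-run key, so fingerprints die with the run
    groups = defaultdict(list)
    short = []
    for account, password in entries:
        # Group by keyed fingerprint instead of by the plaintext password.
        tag = hmac.new(key, password.encode("utf-8"), hashlib.sha256).digest()
        groups[tag].append(account)
        if len(password) < min_length:
            short.append(account)
    reused = sorted(sorted(g) for g in groups.values() if len(g) > 1)
    blast = {a: [b for b in g if b != a] for g in reused for a in g}
    return {"reused": reused, "short": sorted(short), "blast": blast}


# Constructed sample data, not real accounts or credentials.
SAMPLE = [
    ("forum.example", "sunshine2015"),
    ("shop.example", "sunshine2015"),
    ("mail.example", "kT9#vq2LmzR8!pXw4d"),
    ("bank.example", "hunter2"),
    ("video.example", "sunshine2015"),
]

if __name__ == "__main__":
    report = audit(SAMPLE)
    for accounts in report["reused"]:
        print("same password on:", ", ".join(accounts))
    for account in report["short"]:
        print("shorter than", MIN_LENGTH, "characters:", account)
    for account, others in sorted(report["blast"].items()):
        print("a leak at", account, "also exposes:", ", ".join(others))
```

Feed it the entries from your password manager's export and delete that export afterwards, since the file holds every password in plain text.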
Protecting your accounts can be tedious, but—if you’ve never been hacked—believe us, it’s worth it. To learn more about World Password Day, and to play Password Blaster, a game that uses real, leaked passwords, go to passwordday.org.