Grant McGregor News

Passwords are Fundamentally The Weakest Area of Computer Security

December 09 2014

 

Recently Twitter announced that it was saying goodbye to passwords on its mobile app. The social media giant stated that its primary reason for doing so was because a lot of people in developing countries did not have email addresses. However, they also made reference to the fact that passwords (in their words) ‘suck.’

Instead of requiring users to login to their Twitter accounts via their mobile phones using a password, they will instead input their phone number. An SMS will then be sent to their phone with a confirmation code, which must be entered before access to the app is granted. Once the code has been used it will automatically expire, helping to prevent security breaches.

 

Rising number of high profile security breaches

Twitter isn’t the first company to become tired of passwords, which are fundamentally the weakest area of computer security. Recent high profile security breaches involving the likes of Dropbox, iCloud, Staples and NeedMyTranscript have affected millions of people all over the world and prove that even the biggest companies can be affected by something like theft and password cracking.

This, along with the news that personal data traded by criminals has trebled in just two years, shows that greater measures need to be taken when it comes to creating and securing passwords.

According to Experian, over a hundred and ten million pieces of data have already been bought and sold by criminals this year, which results in a whopping 300% rise on the same period in 2012. The company stated than 97% of the illegal trades featured login credentials, including usernames and passwords, showing just how important it is that people change their passwords regularly.

But it’s not just individuals who put themselves at risk by using weak passwords; businesses are just as guilty. This is why it is extremely important that businesses set strict password policies in the work place explaining the importance of strong passwords and how regularly their staff should change them.

Whilst educating employees is the best defence against security breaches caused by weak passwords, IT managers should also consider implementing expiry dates on passwords so that employees are forced to change them on a regular basis. This may be annoying to those employees but it is fundamental to securing IT systems.]

 

How can hackers break your password?

Today cyber criminals and hackers have all sorts of tools and techniques for cracking passwords and gaining access to individuals’ personal and bank details, as well as companies’ confidential data.

 

Brute force attack

One way they can do this is through what is known as a ‘brute force attack.’ This basically involves them working through different combinations of characters until they find your password. This is why it is strongly recommended that people make their passwords as long, random and difficult as possible.

 

Dictionary attack

Another method is called the ‘dictionary attack.’ This basically requires them to work through words in the dictionary until they find the password you have used. We recommend that you do not use correctly spelled or complete words at all.

 

Personal attack

People have a tendency to use their personal information, such as their children’s, partners, parents and even pet names as their passwords. The problem with doing this is that a hacker only has to find out this information about you (perhaps via your blog or social media pages) and they’ll have access to your information.

 

Key logging

Some hackers also obtain passwords through a process known as key logging. This occurs when malware is downloaded onto a user’s device that covertly captures the keys they are pressing on the keyboard. The information is then relayed to the hacker so they can determine the password and access the user’s details or in the case of a business, the network.

 

Tips for creating stronger passwords

Here are a few tips to help you create better passwords.

Make sure your passwords are unique

Our first tip for creating stronger passwords is to use as many unique passwords for your online accounts as possible. The problem is that if you use the same password over and over again and a hacker gets hold of it, they’ll be able to do a lot more damage.

 

Use different characters

Our second tip is to ensure that your passwords always feature a wide range of characters. Make sure that they are not always letters or numbers. A strong password with feature a combination of letters, numbers and other keyboard symbols.

 

Change your passwords regularly

Our third tip is to make sure you change your passwords every couple of months (at least). If you run a business that uses computers (which most do these days) it is important to stress this rule within your password policy to help prevent security breaches.

 

Avoid using significant passwords

Avoid using birthdays, your partner or children’s name or basically easy to predict password combinations. For example if your wife is called Jill and she was born in 1963, a password Jill1963 is very easy for a hacker to guess if they have access to your personal information.

 

Download our free password guide

For more information about how to create strong passwords and avoid becoming a victim of password theft, you can request and download our free password guide. This guide will teach you how to create 3-Dimensionial passwords and provide tips on how you can out-smart even the most intelligent password-cracking software.

We have written it in plain-English so it’s easy to understand and have already received great feedback from clients who have followed the guide and used it to create password policies in the work place and improve the security of their systems.

BACK TO TOP