Data Security: Password Tips From Hackers

By Josh Markarian | July 17, 2019 |

It’s no secret that malicious cyber activity costs businesses and the economy dearly. For small business, the cost and damage of a data hack can be irreversible.

A staggering 81% of company data breaches are due to poor passwords. The good news is that by taking some simple but effective precautions in relation to passwords, businesses can help protect themselves from the havoc and damage data breaches can cause.

Here are some tips on how to create a hard to hack password but first some background on how majority of passwords are hacked.

In most cases, an attacker has gotten their hands on your password hash and not your password in plain, readable text. So what does that mean, and how can you take advantage of hashing to protect your data?

The password hash is the result of taking your password and putting it through one of many available mathematical algorithms known as hashing algorithms. The result of that process is a seemingly random string of characters—what we refer to as the hash. The thing about password hashes is that, for the same passwords run through the same algorithm, the hash never changes. To beat the hash a hacker uses a password cracker.

A password cracker comes up with its own passwords, puts them through the hashing algorithm, and then compares the resulting hashes with the captured users’ hashes. Typically, the cracker is using words found in the dictionary as the base for a password. This is why passwords that use common words (like “spring19” or “test1234”) are cracked fairly easily.

Here are some effective techniques you can put into play:

Do not use personal information

Don’t use your name or names of family members or pets in your passwords. Don’t use numbers like your address, phone number, or birthdays, either. These can be publicly available, on forms you fill out or on social media profiles, and easily accessible to hackers.

Do not use real words

Password cracking tools are very effective at helping attackers guess your password. These programs can process every word in the dictionary, plus letter and number combinations, until a match is found. Steer clear of using real words from the dictionary or proper nouns or names.

Instead, use special characters. By combining uppercase and lowercase letters with numbers and special characters, such as “&” or “$,” you can increase the complexity of your password and help decrease the chances of someone potentially hacking into your account.

Create longer passwords

The longer the password, the harder it may be to crack. Try for a minimum of 10 characters.

Modify easy-to-remember phrases

One tip is to think of a passphrase, like a line from a song, and then use the first letter from each word, substituting numbers for some of the letters. For example: “100 Bottles of Beer on the Wall” could become “10oBb0tW”.

Make Your Password a Nonsense Phrase

Long passwords are good; long passwords that include random words and phrases are better. If your letter combinations are not in the dictionary, your phrases are not in published literature, and none of it is grammatically correct, they will be harder to crack. Also do not use characters that are sequential on a keyboard such as numbers in order or the widely used “qwerty.”

Do Not Reuse Passwords & Change Regularly

When hackers complete large-scale hacks, as they have recently done with popular email servers, the lists of compromised email addresses and passwords are often leaked online. If your account is compromised and you use this email address and password combination across multiple sites, your information can be easily used to get into any of these other accounts. Use unique passwords for everything.



Posted in Blog Posts, eDiscovery and tagged ,

Leave a Comment

You must be logged in to post a comment.