Ways of stealing your password and top tips to stay safe

There are many ways of stealing a password, but the two main ways traditionally are:

Social engineering / Phishing or Vishing
Hacking

Top tips to stay safe:

Number 1) Keep your information private

The former requires that you willingly give your information out, perhaps a convincing email claimed they required that information, or a phone call alleging to be from some provider or company (very popular these days!). Somehow you got tricked and it wasn’t fun. The latter you have less control over, anyone with the tools and enough knowledge could intercept communications, or breach systems that contain information about your password. The tools and knowledge already exist online for literally anyone to get, along with tutorials on how to use them.

If you accidentally gave your password away, it’s pretty much too late. Change it. It does not matter how good your password was once someone else knows it. The problem becomes less about how good the algorithms are, instead turning into one of trust. You might trust your partners, or children or even co-workers with your passwords, but your security will only be as good as their level of trustworthiness.

“So why does this matter so much? What if my web account had a data leak? I bought a silly gift that one time and I’m never going back. Do I care?”

You probably

IT MATTERS!

Number 2) Don’t use the same password twice

Well its likely they asked you for a username when you registered, they might have used your email address as your username, or at least stored your email on their servers. If you were uncareful and used the same password to buy that novelty pencil sharpener as your main email account, it doesn’t take a genius to try the odds and see if they match. Once somebody has your primary email account accessed they can pretty much take over every account you control, this is somewhat ironic since it is achieved by exploiting how easy passwords are to forget. You can have your passwords reset in almost all cases for online accounts. In 99% of cases, that password link or reset will go straight to your inbox where any old Timmy Hacker can get it, once inside, they could change the password for everything you have thereby effectively locking you out. Clearly then, using the same password twice is a terrible idea, especially when it comes to email.

“My password is already good, isn’t it? It’s my favourite thing with an important date at the end, and I swapped my ‘o’ for a ‘0’, my ‘A’ for a ‘4’ so I’m good right?” (eg C0rs493)

You probably

NOPE!

Number 3) All your online accounts need a strong password

Many years ago, when the internet was new, the frontier of the online world largely unexplored, someone somewhere decided it would be ‘cool’ to be creative with their computer text and started substitutions of letters for numbers or symbols and when 74k3n 70 4n 3x7r3m3 17 c4n b3 4 71ny b17 r1d1cul0u5. This used to be a pretty effective method at hindering password cracking operations, the algorithms were weaker then, computers much slower and crackers couldn’t easily overcome it. And what’s now known as Leet speak (Elite Speak) was an effective way of multiplying the work needed to crack a password with brute force.

And here comes the section with the maths and the numbers. Say we started with the basic password ‘12345’ someone somewhere will have used this password, for sure, and they should be ashamed. The total scope for this password is very small, only five characters in length, all numbers. There are ten different number symbols, and so the maximum total number of guesses needed would be 10x10x10x10x10 or more simply one hundred thousand guesses. Even with today’s improved encoding and hashing algorithms it doesn’t take long for a computer to work through such a small amount of possibilities. Password strength is derived from three factors such as 1) number of symbols, 2) password length and 3) its complexity. Visit our website tomorrow to read more about factors one and two.

Ben

Ben is looking after our clients’ IT systems and backups, making sure their equipment and infrastructure are responsive and reliable.

If you would like to talk to Ben about anything mentioned in this article please let me know and I will ask him to contact you and answer your questions.

Kamila

General Manager

Octagon Technology Ltd

Cookie	Duration	Description
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_141969298_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.