Today passwords are a part of our everyday life. It is critical to protect our information from getting into the wrong hands. Unfortunately, a weak password is a weak defense against hackers. Here are a few ways hackers are trying to get a hold of your information and how you can help stop them.
1: Credential Stuffing
This happens when an attacker already has your login info – typically from a data breach at a large company like Target, Bank of America, etc. who store credit card and login info for their clients. They will log in as you and impersonate you to make changes on your account. If you have used the same password on different accounts, they now have access to all of them. Your best defense is to make sure you have strong passwords and different passwords for every site.
2: Password Cracking Techniques
These are techniques that attackers use to “guess” passwords to accounts. They have algorithms that can crack a weak password. The best way to prevent this is to make sure you have strong passwords that aren’t repeated for logins to other sites. Use a mixture of upper case letters, lower case letters, numbers and characters. Never use names or real words. Not even your favorite cat’s name!
3: Shoulder Surfing
Shoulder surfing is when someone around you watches to see the private information you type on your keyboard or on your screen from over your shoulder. It can happen at the grocery store or the ATM. We have to be aware of our surroundings whenever we are typing in sensitive information in a public place.
4: Social Engineering
This is when someone tries to get you to reveal sensitive information by pretending to have clearance for it. If a customer service agent is calling you and wanting to verify your credentials, make sure you verify them first! Never give passwords or private info to strangers no matter who they claim to be.
Microsoft, Google, the IRS, Dell will never call you. Never.
Phishing is similar to social engineering but it’s more specific to email. Hackers will create an email looking like it’s from a legitimate source prompting you to type in information. If you are ever questioning the legitimacy of an email, call the person sending the email. If it’s a large corporation, open a new browser window and log in directly from their website. Never click the links in the email to log in.
6: Wireless Sniffing
This happens when a hacker collects data that is being sent between your computer and someone’s server. If a site isn’t using a TLS/SSL Certificate, the information being sent isn’t secure. You should see a closed padlock symbol on the left end of the site’s address telling you it is a secure site. If the padlock isn’t there, don’t give them any information! Not even your email.
7: Man-in-the-Middle Attack
This is similar to wireless sniffing but the information continues on to the server and back to your computer while the “man in the middle” is observing it. Once again, your best protection is to make sure the sites you visit have an updated TLS/SSL certificate. If you are using the Chrome browser, Google will alert you as to when a site’s certificate is bad and if it does you shouldn’t input any information.
Your Computer Lady recommends Last Pass as a storage vault for passwords and private data. Visit their website.