Can you imagine that hackers may already know your password? Are you the type of person that uses the same password on Facebook as you do for your online banking? That question should hopefully inspire some thought. Password security is very important, more important than many seem to realize. Getting passwords may also not be as hard as you think.
How might a hacker know my password, you ask? Hackers can use one of several similar methods to go after your password: guessing attacks, dictionary attacks or brute force attacks.
Guess Attacks
Passwords can sometimes be guessed by humans with knowledge of the user’s personal information. Here are some examples of a guessable password:
- the words “password”, or “admin”
- a row of letters from the qwerty keyboard (qwerty itself, asdf, or qwertyuiop)
- the user’s name or login name
- the name of a significant other, a friend, relative or pet
- their birthplace or date of birth, or a friend’s, or a relative’s
- their office number, residence number or, most commonly, their mobile number
- a name of a celebrity they like
- a simple modification of one of the preceding, such as suffixing a digit or reversing the order of the letters
- a swear word
These days, with social media, it is not difficult for a hacker to find personal information about you online. Some of the surveys you take or ‘friends’ you have in social networks may actually have malicious intentions and be gathering information about you. Attackers are smart and have a lot of experience. You may think your password is secure and creative: you graduated from Valley High School in 1996, so your password is ‘ValleyHigh96’. But an experienced hacker may be able to figure that out simply from gathering information about you!
Guessing is particularly effective with systems that employ self-service password reset. For example, in September 2008, the Yahoo e-mail account of Governor of Alaska and Vice President of the United States nominee Sarah Palin was accessed without authorization by someone who was able to research the answers to two of her security questions (her zip code and date of birth) and was able to guess the third (where she met her husband).
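As an added illustration (not code from the original post), here is a sign-up or password-change check that rejects passwords falling into the guessable categories listed above. The function name, the `personal_facts` input and the small deny-lists are assumptions made for the example.

```python
import re

# Constructed deny-lists covering the post's generic examples (not a real-world list).
COMMON = {"password", "admin"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")


def _core(text):
    """Lowercase and keep letters only, so 'Valley High' -> 'valleyhigh'."""
    return re.sub(r"[^a-z]", "", text.lower())


def guessable_reason(password, personal_facts):
    """Return why `password` is guessable, or None if no rule matches.

    personal_facts (hypothetical input): strings someone could research about
    the user, such as names, pets, school, birthplace, dates, phone numbers.
    """
    core = _core(password)  # dropping digits also undoes a "suffix a digit" tweak
    digits = re.sub(r"\D", "", password)
    # Check the letters as typed, then reversed (the "reverse the letters" tweak).
    for candidate in (core, core[::-1]):
        if not candidate:
            continue
        if candidate in COMMON:
            return "common word"
        if len(candidate) >= 4 and any(candidate in row for row in KEYBOARD_ROWS):
            return "keyboard row"
        for fact in personal_facts:
            fact_core = _core(fact)
            if len(fact_core) >= 3 and fact_core in candidate:
                return f"contains personal detail: {fact}"
    # Numeric parts of 4+ digits that appear inside a known date or phone number.
    for fact in personal_facts:
        fact_digits = re.sub(r"\D", "", fact)
        if len(digits) >= 4 and fact_digits and digits in fact_digits:
            return f"built from personal number: {fact}"
    return None


# Constructed sample: the post's Valley High School, class of 1996, scenario.
if __name__ == "__main__":
    print(guessable_reason("ValleyHigh96", ["Valley High", "1996"]))
```

A `None` result only means none of these rules matched; it does not mean the password is strong.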
Any of the above are common password mistakes. If you are making any of these mistakes, it’s time to make some password changes.
See also posts on Dictionary Attacks, and Brute Force Password Attacks.
13 comments
Zolex PC says:
Aug 19, 2010
Passwords and password management continue to be a problem for the average user. While there are some good password management programs out there, most people don’t know about them or may have trouble understanding how to use them.
In order to give some balance to these types of users I usually recommend they pick a password that is somewhat crazy or odd and then to attach a few numbers to it. Because it is crazy or odd it sticks with them in their memory and can still be difficult to crack or guess.
For example something along the lines of garbagecan978. It is laughable but easy to remember and surely not a commonly used password. People are also most likely to use the same password for as many sites as possible just for the convenience. I recommend using 3 or so of those crazy type passwords. It makes them still difficult to guess or crack and you only need to remember 3 passwords for everything.
Anonymous says:
Aug 19, 2010
I wrote another post about password management and utilizing some of the available programs which can be read here ->>> http://bit.ly/9Hn0el
Mark Bell says:
Aug 25, 2010
This is something that really frustrates me too. I can’t understand why they say your password must be between 5 and 8 characters, and must consist of solely alphanumeric characters. The security guidelines seem so stupid, I wouldn’t be surprised if the passwords are not even encrypted with some kind of salt key.
I try to get passwords with upper and lower case characters, numbers and special characters. It baffles me why so many people don’t implement this.
Daniel Snyder says:
Aug 26, 2010
Yeah I hear you Mark. It drives me nuts when I have to ‘weaken’ my password in order to register with a website.
A.Tatum says:
Sep 9, 2010
Good write up. The average user really never thinks about these things. I wrote a post about 2 years ago on Key Scrambler. It scrambles your keystrokes so your information can’t be stolen by key-loggers. http://maddencorner.blogspot.com/2008/06/keyscrambler.html
Rajesh@Hack Facebook Account says:
Dec 26, 2010
Yeah, Keyscrambler really helps in protecting yourself from hackers and thus, keyloggers. I have been using this software for more than 1 year and it has never let me down.
Daniel Snyder says:
Dec 28, 2010
Not familiar with this product, would like to check it out… thanks!