One way or another, passwords are constantly showing up in the news. They are either being stolen in data breaches, mocked for being too basic, derided as pointless, or lamented for being outdated in an evolving technological world. No matter what opinion any of us has on passwords, though, one thing is indisputable: we are going to be using them for a long time. Unlike touch and facial recognition technology, passwords are used everywhere since they are cheap to implement and easy to use. For end-users, they're as low-tech as security technology gets. Of course, that simplicity is what makes them attractive to cybercriminals. In this blog, we'll take a look at how hackers steal passwords and how to stop them.
Credential stuffing, otherwise known as list cleaning and breach replay, is a way of testing databases or lists of stolen credentials, like passwords and usernames, against multiple accounts to see if there are any matches. Sites with poor security are breached consistently, and cybercriminals actively target websites to dump their user credentials so they can sell them on the dark web. Because some users will use the same password across multiple sites, criminals have a good chance of finding a user whose stolen credentials also work on another site. The key to staying protected against this method is easy: use unique passwords for all of your accounts. Of course, this won't prevent your password from being stolen from a website with poor security, but it does mean the rest of your credentials will be safe. For your company, teach employees the importance of using different and unique passwords. An IT team can also help with this process.
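For the IT team watching its own sign-in logs, here is an added example (not part of the original post) of how the credential stuffing pattern described above can be told apart from ordinary failed logins. The log format, the function names and the thresholds are assumptions made for the illustration, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample events (not real data): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 alice FAIL
2024-05-01T10:00:02Z 203.0.113.7 bob FAIL
2024-05-01T10:00:03Z 203.0.113.7 carol OK
2024-05-01T10:00:04Z 203.0.113.7 dave FAIL
2024-05-01T10:00:05Z 203.0.113.7 erin FAIL
2024-05-01T10:00:06Z 203.0.113.7 frank FAIL
2024-05-01T10:01:00Z 198.51.100.20 admin FAIL
2024-05-01T10:01:01Z 198.51.100.20 admin FAIL
2024-05-01T10:01:02Z 198.51.100.20 admin FAIL
2024-05-01T10:01:03Z 198.51.100.20 admin FAIL
2024-05-01T10:02:00Z 192.0.2.44 grace FAIL
2024-05-01T10:02:09Z 192.0.2.44 grace OK
"""

def parse_events(log):
    """Yield (ip, username, succeeded) per well-formed line; skip anything else."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3] in ("OK", "FAIL"):
            yield parts[1], parts[2], parts[3] == "OK"

def find_stuffing_sources(log, min_users=5, max_tries_per_user=2):
    """Return {source_ip: [accounts it logged in to]} for stuffing-like sources.

    Replay of a stolen list shows up as many distinct usernames with only one
    or two tries each; guessing at one account is many tries on one username.
    The thresholds are illustrative assumptions, not tuned values.
    """
    tries = defaultdict(lambda: defaultdict(int))
    hits = defaultdict(set)
    for ip, user, ok in parse_events(log):
        tries[ip][user] += 1
        if ok:
            hits[ip].add(user)
    flagged = {}
    for ip, per_user in tries.items():
        if len(per_user) >= min_users and max(per_user.values()) <= max_tries_per_user:
            flagged[ip] = sorted(hits[ip])  # likely reused a breached password
    return flagged

if __name__ == "__main__":
    for ip, accounts in find_stuffing_sources(SAMPLE_LOG).items():
        print(f"{ip}: stuffing pattern, reset passwords for {accounts}")
```

The accounts listed for a flagged source are the ones where a replayed credential worked, so they are the first candidates for a forced password reset.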
Phishing is a hacking trick that attempts to fool users into supplying their credentials in response to what they believe is an actual request from a legitimate vendor or website. Usually, but not always, phishing happens through emails that contain either malicious attachments or fraudulent links to cloned websites. Somewhere along the chain of events that starts with the user taking the bait, the cybercriminals will present fake login forms to steal users' login credentials and passwords. Cybercriminals will also use some kind of interception between a user and a sign-in page to steal passwords. Consider using two-factor authentication to prevent this. Caution is also your ideal defense against phishing, so ignore requests to sign into services from email links, and always go directly to the vendor's site in your browser.
Keyloggers record the keystrokes you type on a keyboard and can effectively steal passwords for bank and business accounts. This attack is a bit harder to pull off than credential stuffing or phishing, but you should still make sure you are running an excellent security solution that can detect keylogging infections.
En-Net Services Can Help Today
Experience a superior method of getting the public sector technology solutions you need through forming a partnership with En-Net Services. Our seasoned team members are familiar with the distinct purchasing and procurement cycles of state and local governments, as well as Federal, K-12 education, and higher education entities. En-Net is a certified Maryland Small Business Reserve with contract vehicles and sub-contracting partnerships to meet all contracting requirements.