Passwords 101

1 (1)


Have you ever stopped to think about “why” IT departments continuously preach about password security?

We think it’s important to not only educate business owners & their employees on how to enhance their security (especially at home), but also to educate them on why it’s important. So let’s start by looking at how hackers get your password, so you can understand how to better protect yourself:

1. Credential Stuffing

This involves hackers testing passwords and usernames against multiple accounts to see if there is a match.

How to Protect Yourself: To protect yourself, every login credential should be unique. This means the password you use for your email should be different than what you use for Facebook, and so on.

2. Phishing

This is psychological manipulation to trick users (usually via email) to supplying their credentials via a “legitimate request”.

How to Protect Yourself: To protect yourself, you can use 2-FA (multi-factor authentication). This means that even if a hacker were to obtain your login information, they would also need the second form of identification in order to finish logging in.

3. Password Spraying

Batman is on the list of Top 100 most commonly used passwords. Pass Spraying is a technique that involves using the most popular, widely used passwords and testing on a wide-scale. Unlike credential stuffing, the hacker already has the usernames and is focused on a single goal – figuring out your password.

How to Protect Yourself: Be as unique as possible. Lots of characters and something that only you will know.

BONUS Trick:

Some password systems will allow you to use a [space] in your password. This will make your password MUCH harder to guess, giving you an added layer of security.

4. Keylogging

This is the act of tracking your movement – aka your key logs. As you type, hackers can see this – thus, they follow your keystrokes to decode your password.

Hackers can typically deploy this method by infecting commercial spyware tools (that are used to monitor employees!).

How to Protect Yourself: Make sure you have your endpoint is protected or that you’ve installed security software installed that can detect malicious activity.

5. Bruteforce Attacks

This might seem like it’s out of a sci-fi film, but Bruteforce is a method where hackers are using password cracking software to run through millions of combinations in seconds.

How to Protect Yourself: Your system administrator should be familiar with a term called – salt. It’s a term associated with encrypted passwords. If your system has been set up correctly, it’s virtually impossible to get your passwords. However, if your salts are not stored properly, then you could be at risk. It’s best to call your administrator to double-check.

6. Local Discovery

If you’re writing down your passwords on a sticky note and placing them on the bottom of your computer, then you’re at risk. If you’re not writing down your passwords than you’re safe.

To summarize, if you’re a small business owner, it’s highly recommended to make sure you’re employees are following basic password etiquette so you can keep your information protected, and keep your business safe.