Remote working has become the standard for employees everywhere. This shift, however, has also significantly increased the potential for security breaches in a company. Hence, the robustness and strength of passwords are now more important than ever.
Passwords remain the most used system to keep personal data safe or to allow access to a service, both personally and professionally, and are therefore a target for cybercriminals.
Evan Dumas, Regional Director, Southeast Asia and Korea, at Check Point Software Technologies, shared the following tactics that are being used to steal passwords and provided the necessary advice to prevent any person or company from becoming a victim.
- Phishing attack
This methodology has become one of the most widely used tools for stealing passwords and usernames. It works in a simple way: sending an email that appears to come from trusted sources (such as banks, energy companies, etc.) but which, in reality, aims to manipulate the recipient in order to steal confidential information.
In this case, one of the best recommendations is to enable two-step authentication. This extra layer of security prompts the user to enter a second password, which is usually received via SMS. In this way, access to an account is prevented even if an attacker already has its credentials.
- Brute-force or dictionary hacking
This type of cyber-attack involves trying to crack a password by repetition. The cybercriminals try different combinations at random, combining names, letters and numbers, until they come up with the right pattern.
To prevent them from achieving their goal, it is essential to use a complex password that is difficult to guess. This means leaving out names, dates and very common words. Instead, it is best to create a unique password of at least eight characters that combines letters (both upper and lower case), numbers and symbols.
- Keyloggers
These programmes are capable of recording every keystroke made on a computer and even what you see on the screen, and then sending all the recorded information (including passwords) to an external server. These cyber-attacks are usually part of some kind of malware already present on the computer.
Dumas said the worst thing about these attacks is that many people tend to use the same password and username for different accounts, and once one is breached, the cybercriminal gains access to all those that have the same password.
To stop them, he said it is essential to use a single option for each of the different profiles. To do this, a password manager can be used, which allows both managing and generating different robust access combinations for each service based on the guidelines decided upon.
"Both phishing and keyloggers are two types of attacks that are used on hundreds of devices. This risk can be easily remedied by configuring varied and robust combinations of at least eight characters interspersed with letters, symbols and punctuation marks. In this way, cybercriminals will find it much more difficult to get hold of the passwords and we will ensure the highest level of security on our computers," said Dumas.
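As an added illustration of the password guidance above (this is not code from the article or from Check Point), the following Python example checks a password against the stated guidelines, generates a compliant one per service with a cryptographic random source, and flags reuse across accounts. The blocklist, the date heuristic, the function names and the 16-character default are assumptions made for this example.

```python
import re
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS
# Constructed sample blocklist; a real deployment would load a far larger list.
COMMON_WORDS = {"password", "qwerty", "welcome", "letmein", "admin"}
# Heuristic (assumption): a year such as 1987/2021, or a d/m/y style date.
DATE_RE = re.compile(r"(19|20)\d{2}|\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}")

def policy_violations(password, personal_names=()):
    """Return the guidelines from the article that the password breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = {
        "lower-case letter": string.ascii_lowercase,
        "upper-case letter": string.ascii_uppercase,
        "number": string.digits,
        "symbol": string.punctuation,
    }
    for label, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"no {label}")
    lowered = password.lower()
    for word in sorted(COMMON_WORDS | {n.lower() for n in personal_names}):
        if word and word in lowered:
            problems.append(f"contains '{word}'")
    if DATE_RE.search(password):
        problems.append("contains a date-like number")
    return problems

def generate_password(length=16):
    """Draw candidates from the OS CSPRNG until one satisfies the policy."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(candidate):
            return candidate

def reused_passwords(vault):
    """Map each password shared by several services to those services."""
    seen = {}
    for service, password in vault.items():
        seen.setdefault(password, []).append(service)
    return {pw: sorted(svcs) for pw, svcs in seen.items() if len(svcs) > 1}
```
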