If You Use VPN Software, Make Sure You Protect Your Passwords

We have already transferred a big part of our lives to an online medium and connect to the Internet far more often than we used to. As research has shown, the majority of online population (22%) uses the Internet connection to check their social media accounts, but it is no doubt not the only activity people perform. They also go online to find information they are looking for (21%), read online content (20%), check emails/communicate (19%), surf multi-media websites (13%), and do online shopping (5%). The majority of people claim that they spend an average of 24 hours online each week, but some are not afraid to admit that they spend up to 40 hours, two times as many as the statistic shows, online. No evidence that could prove that this number is going to decline anytime soon is available, so it is more important than ever to focus on online privacy and security.

Security specialists' efforts to educate people on the dangers they might face while surfing the Internet are not completely fruitless. Many users know well that their personal and financial information might be stolen if they act carelessly. Hackers' capabilities have evolved together with the growth of technology, so today one careless move may result in identity theft, credit card fraud, or a bunch of other privacy and security-related problems. Specialists are well aware of the risks on the Internet as well. Luckily, they do not sit doing nothing. They develop and release new technologies that should help users to improve their virtual security.

The undying popularity of VPN

A Virtual Private Network, or VPN, is a widely used technology that was introduced to provide protection against online threats and ensure users' anonymity. The VPN technology is not something completely new. Its history dates back to 1996, but specialists continue to improve it up to this day due to its undying popularity. Recent research has revealed that 35% of PC users and 42% of mobile users access a VPN on a daily basis. “Why do they need a VPN?,” you may ask. 5 main reasons behind the VPN usage can be distinguished. First, users connect to a VPN with the intention of accessing better entertainment content. Second, they want to access certain social networks/ services. Third, some users seek to stay anonymous while browsing the web. Fourth, there is a need to access certain websites, services, and files at work. Finally, some people use a VPN to communicate with their loved ones abroad. Generally speaking, a private network can help to safeguard one's online activities.

What about the security risks of using VPN software?

While the VPN technology was, mainly, a more advanced users' thing in the recent past, it is as easy as pie to use it today due to user-friendly VPN software available on the market. Unfortunately, it does not mean that all applications that allow creating a VPN can be trusted fully. PureVPN, one of the hundreds of popular VPN service providers, is a perfect example illustrating the fact that users might face security risks of using VPN software. Manual Nader, a security researcher working at Trustwave, has confirmed that there are two serious drawbacks associated with this piece of software. There are no guarantees that it does not share the same vulnerabilities with other VPN services, so if you opt to use VPN software, you must be extremely cautious since your virtual security is highly dependent on your actions.

The VPN password problem

The first PureVPN problem is directly associated with the VPN password set by the user. It has turned out that the Windows version of this VPN client might allow a hacker to obtain the stored VPN password of the last user who successfully logged into the service. Unfortunately, it means that all users' VPN passwords can be stolen if several users use the same machine running on the Windows OS. Specialists say that it is quite a piece of cake to hack the VPN password in this case – cyber criminals do not need any special tools since this can be done through the Graphical User Interface (GUI). Basically, cyber criminals can obtain the VPN password by simply opening the VPN client, accessing Configuration, User Profile, and then clicking Show Password. The company behind PureVPN has released a statement saying that “this is not vulnerability rather a feature that we deployed for ease of our users.” If you are fine with that, feel free to use the service but blame no one but yourself in case your VPN password gets hacked.

The second PureVPN flaw identified by Trustwave has already been patched. The VPN client used to store users' credentials in a plaintext file named login.conf (C:\ProgramData\purevpn\config\login.conf) that could be accessed by anyone using the computer through the Command Prompt (CMD). This vulnerability has been already fixed in the 6.1.0 version, but if you have not updated your VPN client yet, you still risk getting your credentials stolen. It is your top priority to download and install an update.

No matter how secure VPN software is, a cyber attack might still be caused by a human factor, so make sure you treat your VPN password with the utmost care. First, do not share it with unauthorized people. Second, make sure it meets the secure password requirements. Speaking specifically, it must be at least 14 characters long, contain a mix of symbols, numbers, and letters, and, finally, it cannot contain any personal information that cyber criminals could get from, let's say, your Facebook account. If you have too many passwords to remember when needed, use a trusted password manager. We would recommend installing Cyclonis Password Manager – it will keep all your passwords secure in an encrypted personal vault for free.

If you are concerned about the security risks of using VPN software, take matters into your own hands to prevent problems from arising. When it comes to ensuring that software cannot be hacked, setting a strong password is what you should do in the first place. Password reuse is not acceptable! Second, install all available updates since they usually contain some security improvements. Last but not least, always set two-factor authentication if possible.