We Now Know What Passwords Hackers Try First When Brute-Forcing Accounts

When we talk about passwords, the first thing that probably comes to your mind is your email or your social media account password. But these days, we have to take a broader look at all the accounts and devices that we have, so that we can update our understanding of how we use passwords.

Sure, we all know that passwords are here to stay even though researchers are working hard to come up with new authentication methods, so that we wouldn’t depend on passwords that much. However, before any of that happens, it is our duty to make sure that we change weak passwords into something complex.

Why do I have to create complex passwords for every account?

The obvious reason for creating complex passwords is security. Weak passwords are extremely easy to guess. And even if it’s not possible to guess a password immediately, hackers can easily brute-force it by trying out countless character combinations within seconds. Therefore, it is important to change default passwords into something complex.

If you’re wondering what the most common passwords are out there, you can check out this entry here. You might want to check that you’re not using any of the passwords on the list. And we’re not talking just about your email account or your utility bill app. Think about all the devices that you use, not just your cell phone or your computer.

There is a consensus among security researchers that with the rise of the Internet of Things (IoT), there has been an increase in cyber hacks, too. So, it is important to take into consideration every single device that is connected to the network, and see whether that device is still protected by a weak password. You probably wouldn’t think of employing the same cybersecurity measures for your fridge or baby monitor as you use for your iPhone, but that’s exactly what you have to do.

The problem with the IoT is that most of those devices come with default passwords, and then users forget to change them. The default passwords are obviously weak. Whether it’s because of negligence or because of sheer ignorance, users are quite often exposed to potential cyber hacks and malicious actors because they do not consider that there is anything dangerous about their smart IoT device. But that kind of attitude should melt faster than ice cream in a hot summer sun.

If you care about your cybersecurity, you will see to it that you change all the weak passwords on your devices immediately. Also, if you want to learn more about various IoT cybersecurity threats and you need tips on how to avoid them, you can check out our article on how to protect IoT devices.

How do I know if my device has a weak password?

As mentioned, you can check out the list of the most common passwords that we shared in the section above. Also, if you have never changed the default password on your smart device, the chances are that it is weak.

What’s more, there are tons of reports out there about the most commonly used password combinations when hackers apply brute-forcing to hack into devices and accounts. According to Steve Ranger at ZDNet, security company F-Secure has been researching cyberattack patterns by deploying honeypots or decoy servers. This research suggests that the rise in attack traffic is directly influenced by the growth of the IoT.

Also, through this research, it was discovered that there are certain passwords that hackers almost always try to use when they discover a potentially vulnerable device and then try to access it. The list of those passwords includes:

  • admin
  • 12345
  • default
  • password
  • root

Of course, you might say that if someone hacks into your IoT device, it doesn’t pose that much of a security risk because a device like a smart doorbell might not store sensitive information. However, hacked IoT devices provide network activity for the cybercriminals, and they can be easily exploited as bots in DDoS attacks. So, if you happen to use one of the passwords above, you must change it right now.

How do I come up with a strong password?

Now it is clear that a weak password is a no-no. You simply must change it, but it can be quite a challenge to create complex passwords for every account. In some cases, some people might even be wondering what on earth could constitute a complex password.

Well, to put it simply, a complex password is harder to guess. Therefore, it should be long and random. Using actual words (even in a language you think a hacker might not understand) is not a good idea because programs used for brute-forcing can still guess them. After all, actual words are easily recognizable patterns.

So, if your password has to be random, it needs to have a jumble of different characters. It should consist of lower case and capital letters, and you might want to sprinkle some numerals and special characters in there, too. It should also be as long as possible. For instance, if an account or a device allows a password length between eight and sixteen characters, you should definitely go for sixteen.
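The advice above, together with the list of commonly tried passwords, as an added Python example that is not part of the original article: it audits a device inventory for weak passwords and generates a random replacement at the longest length each device accepts. The symbol set, the function names and the sample inventory are assumptions made for illustration.

```python
import math
import secrets
import string

# The five passwords the article lists as tried first in brute-force attempts.
COMMONLY_TRIED = {"admin", "12345", "default", "password", "root"}
# Character classes; the symbol set is an assumption, adjust per device.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+")
ALPHABET = "".join(CLASSES)

def generate_password(max_len=16):
    """Random password at the longest length the device accepts."""
    if max_len < len(CLASSES):
        raise ValueError("too short to hold every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(max_len))
        # Redraw until every class appears, so no position is predictable.
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)

def is_weak(password, min_len=8):
    """Weak if short, on the commonly tried list, or one character class."""
    used = sum(any(ch in cls for ch in password) for cls in CLASSES)
    return (len(password) < min_len
            or password.lower() in COMMONLY_TRIED
            or used < 2)

def audit(inventory):
    """Return {device: replacement} for every device with a weak password."""
    return {name: generate_password(max_len)
            for name, (password, max_len) in inventory.items()
            if is_weak(password)}

# Constructed sample inventory: device -> (current password, max length).
SAMPLE_INVENTORY = {
    "smart-doorbell": ("admin", 16),
    "baby-monitor": ("12345", 12),
    "router": ("tV9#qLm2!xRw7&Zd", 16),
}

if __name__ == "__main__":
    for device, new_pw in audit(SAMPLE_INVENTORY).items():
        bits = entropy_bits(len(new_pw))
        print(f"{device}: set a new {len(new_pw)}-character password (~{bits:.0f} bits)")
```

With this 76-character alphabet, sixteen random characters give roughly 100 bits of entropy against roughly 50 bits for eight, which is why the longest allowed length is the right choice.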

Of course, we understand that it’s virtually impossible to memorize complex passwords for every single account that you have (unless you have a phenomenal memory). Coming up with new strong passwords can be quite exhausting, too. To save you the trouble, we would like to recommend trying out the Cyclonis Password Manager free trial. This tool takes some of the heaviest load off your shoulders. You can use the built-in password generator to create complex passwords for every single account, and then the tool will also save the password for you. You won’t need to memorize it as it will be secure behind strong encryption.

Finally, if the device or the service you are using offers such an option, you should most definitely enable 2-factor or multi-factor authentication. Coupled with a complex password, it will provide a strong layer of security.

By Foley
June 8, 2020