We Now Know What Passwords Hackers Try First When Brute-Forcing Accounts

When we talk about passwords, the first thing that probably comes to your mind is your email or your social media account password. But these days, we have to take a broader look at all the accounts and devices that we have, so that we could upgrade our understanding of how we apply passwords.

Sure, we all know that passwords are here to stay even though researchers are working hard to come up with new authentication methods, so that we wouldn’t depend on passwords that much. However, before any of that happens, it is our duty to make sure that we change weak passwords into something complex.

Why do I have to create complex passwords for every account?

The obvious reason for creating complex passwords is security. Also, weak passwords are extremely easy to guess. Not to mention that even if it’s not possible to guess a password immediately, hackers can easily brute-force them by trying out countless of character combinations within seconds. Therefore, it is important to change default passwords into something complex.

If you’re wondering what the most common passwords are out there, you can check out this entry here. You might want to check whether you’re not using any of the passwords on the list. And we’re not talking just about your email account or your utility bill app. Think about all the devices that you use, not just your cell phone or your computer.

There is a consensus among security researchers that with the rise of the Internet of Things (IoT), there has been an increase in cyber hacks, too. So, it is important to take into consideration every single device that is connected to the network, and see whether that device is still protected by a weak password. You probably wouldn’t think of employing the same cybersecurity measures for your fridge or baby monitor as you use for your iPhone, but that’s exactly what you have to do.

The problem with the IoT is that most of those devices come with default passwords, and then users forget to change them. The default passwords are obviously weak. Whether it’s because of negligence or because of sheer ignorance, users quite often are exposed to potential cyber hacks and other malicious actors because they do not consider that there is anything dangerous about their smart IoT device. But that kind of attitude should melt faster that ice-cream in a hot summer sun.

If you care about your cybersecurity, you will see to it that you change all the weak passwords on your devices immediately. Also, if you want to learn more about various IoT cybersecurity threats and you need tips on how to avoid them, you can check out our article on how to protect IoT devices.

How do I know if my device has a weak password?

As mentioned, you can check out the list of the most common passwords that we shared in the section above. Also, if you have never changed the default password on your smart device, the chances are that it is weak.

What’s more, there are tons of reports out there about the most commonly used password combinations when hackers apply brute-forcing to hack into devices and accounts. According to Steve Ranger at ZDNet, security company F-Secure has been researching cyberattack patterns by deploying honeypots or decoy servers. This research suggests that the rise in attack traffic is directly influenced by the growth of the IoT.

Also, through this research, it was discovered that there are certain passwords that hackers almost always try to use when they discover a potentially vulnerable device and then try to access it. The list of those passwords includes:

  • admin
  • 12345
  • default
  • password
  • root

Of course, you might say that if someone hacks into your IoT device, it doesn’t pose that much of a security risk because a device like a smart doorbell might not store sensitive information. However, hacked IoT devices provide network activity for the cybercriminals, and they can be easily exploited as bots in DDoS attacks. So, if you happen to use one of the passwords above, you must change them right now.

How do I come up with a strong password?

Now it is clear that a weak password is a no-no. You simply must change it, but it can be quite a challenge to create complex passwords for every account. In some cases, some people might even be wondering what on earth could constitute a complex password.

Well, to put it simply, a complex password is harder to guess. Therefore, it should be long and random. Using actual words (even in a language you think a hacker might not understand) is not a good idea because programs used for brute-forcing can still guess that. After all, actual words are easily recognizable patterns.

So, if your password has to be random, it needs to have a jumble of different characters. It should consist of lower case and capital letters, and you might want to sprinkle some numerals and special characters in there, too. Not to mention that it also should be as long as possible. For instance, if an account or a device password length is between eight to sixteen characters, you should definitely go for sixteen.

Of course, we understand that it’s virtually impossible to memorize complex passwords for every single account that you have (unless you have a phenomenal memory). Not to mention that it might be quite exhausting coming up with new strong passwords, too. To save you the trouble, we would like to recommend trying out the Cyclonis Password Manager free trial. This tool lifts some of the hardest load off your shoulders. You can use the built-in password generator to create complex passwords for every single account, and then the tool will also save the password for you. You won’t need to memorize it as it will be secure behind a strong encryption.

Finally, if the device or the service you are using offers such an option, you should most definitely enable 2-factor or multi-factor authentication. Coupled with a complex password, it will provide a strong layer of security.

By Foley
June 8, 2020
Password Security
June 8, 2020
Password Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

News

Hackers Have Brute-Forced Admin Usernames and Passwords of 20,000 WordPress Sites

When security researchers say that adding '123' to the end of a weak password isn't doing a whole lot to improve its security, many people tend to think that the paranoia levels are running too high. Users reckon that... Read more

December 13, 2018
How To

How to Enable Windows to Remember Your Accounts and Passwords Automatically

Your average Windows user visits a bunch of online sites that necessitate a username and password for authentication. We generally recommend that you use different passwords for different places but, with so many... Read more

May 10, 2019
News

Hackers Drop Malware Using a Spreadsheet Called 'The Worst 25 Passwords'

Back in the day, scams were all about social engineering – confidence artists needed to convince their victims, to woo them in a particular way in order to part them from their cash. Things are somewhat different... Read more

August 30, 2019
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.