Welcome to the Future! Passwords Are Stolen Using the Heat of Your Fingertips

Password problems affect thousands of users worldwide every day. Some users simply lose their passwords and thus can no longer log in to their accounts, whereas others cannot recall them when needed or, even worse, get hacked by cyber criminals. According to Verizon data breach investigation report, 81% of all hacking-related breaches take place due to weak and/or stolen passwords. There are some common techniques password hackers use to get access to users' online accounts. You should be aware of them all – identifying the main methods and causes of cyber attacks is a step closer to a safer web browsing experience.

Hollywood tends to portray hackers as nerds with a high IQ sitting in front of computers checking a Matrix-style code running on the screen all day, but this is only a surreal image that has nothing to do with ordinary present-day hackers. Nowadays, your password hacker might be your friendly-looking neighbor living on the 3^rd floor because basically anyone can download/purchase advanced hacking software, learn how to use it, and then employ it to perform malicious activities. The availability of automated hacking software on underground forums and Dark Web is surely one of the reasons the hacking rate does not stop growing, but it is, partially, the users' fault as well since they still set weak passwords like 123456 and password1 for their accounts and reuse them across multiple accounts, making the cyber criminals' job even easier. As statistic shows, password hackers have hacked 32% of respondents' accounts at least once. Unfortunately, there is no evidence showing that cyber attacks will become a problem of the past soon.

Top 3 techniques password hackers use to obtain passwords

Phishing

Phishing is not related to fishing in any way, even though these two words are pronounced almost exactly the same. Phishing is a technique that PhishTank describes “as a fraudulent attempt, usually made through email, to steal your personal information.” For example, a hacker can send a fake email to you claiming that it is a must to change Gmail or Facebook password ASAP due to security reasons. The page looks legitimate, so a bunch of users fall victim to the scam and opt to “change” their passwords. Once old password and login are entered, these details fall into the cyber criminals' lap immediately and then the account gets hacked.

Malware

Malware, aka malicious software, might be used by password hackers as well. These infections can be employed to perform a number of malicious activities on affected computers, including stealing/deleting data, modifying certain system's functionalities, and surreptitiously tracking users' activities. According to specialists, there is a bunch of factors leading to the installation of malicious software. For instance, users might end up with computer infections if they download and use tons of pirated software, click on unknown links, or simply do not have an antimalware/antivirus tool installed on their PCs but surf the Internet every day.

Brute-force attacks

Brute-forcing is one of the most common hacking methods used by password hackers. A brute-force attack is an activity that focuses on trial-and-error attempts. To put it another way, hackers try various password combinations until they manage to break into targeted accounts. Specialized programs hackers employ make the procedure as easy as winking since they allow making a high number of attempts per minute. Hackers might even try out the information found on your online profiles, including your birth date, names of your loved ones, and your pet's name. We do not try to say here that you should close all your online accounts right away, but you should definitely update all weak passwords that contain personal details.

Say welcome to Thermanator. Wait, what?

The above-mentioned password hacking methods no longer surprise specialists since crooks use them quite broadly, but cyber techniques do not end there, as recent research has shown. It seems that cyber criminals are becoming more and more ingenious. Scientists Tyler Kaczmarek, Ercan Ozturk, and Gene Tsudik working at the University of California say that password hackers might use a more sophisticated method called Thermanator to steal passwords as well. Generally, it can be defined as a “thermal residue-based post factum attack on keyboard password entry.” This is no doubt a new generation password hacking method, specialists say.

There is nothing new about keylogging malware (keyloggers) that is used by password hackers to log users' keystrokes with the intention of obtaining passwords they type, but the introduction of the Thermanator technique clearly shows that the keystroke logging to steal passwords has been taken to the next level, which surely raises some concern for security specialists. This modern hacking method involves a mid-range thermal camera, which explains why the name Thermanator has been assigned to it. This camera allows keystroke logging to steal passwords as well, but, unlike an ordinary keylogger, it relies on the thermal energy left on the keyboard by the targeted victim.

The Thermanator attack might be very fruitful, but it is not that easy to perform it. First of all, hackers must break into the victim's home, office, or another place to set up and hide a thermal camera in front of the targeted user's keyboard so that it could capture images of the thermal residue present on the keyboard. Then, cyber criminals have to patiently wait until the password is entered by the user. Finally, they need to find a way to draw a victim away from the computer in order to perform the keystroke logging to steal the password. Time is not the password hackers' ally for sure because thermal residue dissipates over a short period of time, approximately 30 seconds.

If you are an ordinary user, cyber criminals will probably not even bother to use the Thermanator password hacking technique against you to steal your passwords, but if you are Mark Zuckerberg or a CEO of a company generating a multi-million yearly profit, you should always look over your shoulder before typing your password – hackers may want to reveal all your business secrets. You should also consider switching to specialized software for managing passwords.

Even though it might seem that password hackers cannot be stopped, you can still protect yourself. First of all, set strong passwords for all your accounts. A strong password is long enough (e.g. 14 characters long), contains a mix of special symbols, numbers, and letters, and, finally, does not include any personal information. Second, you should entrust your password safety to a password manager. Once you install it on your PC and save all your credentials, you will no longer need to enter passwords manually – a password manager will enter it for you automatically. As a consequence, password hackers could not perform keystroke logging to steal passwords using a thermal camera even if they manage to set it up and conceal it in your office. Hip, hip, hooray!