What Can You Do to Protect Your Passwords from Getting Stolen?

Stolen Passwords

You've heard all those security specialists who continue banging on about how your password should be long, random, full of a variety of different symbols and characters, and how it should look like nothing you've ever seen before. You might be wondering why those people seem so unnecessarily paranoid. Well, they're not paranoid.

They say all those things because today's cybercriminals have more than a few ways of guessing your password. By "guessing," we don't mean trying out "password," and when that doesn't work, giving "password1" a go. Today's password cracking attacks involve powerful hardware that can try out thousands of different combinations per second which is why while something short and simple like the name of your dog might have worked years ago, right now, it won't do much to stop the attackers. Password cracking and brute-forcing is something every computer user should be aware of, but it should also be pointed out that this is not the only way of compromising a password. Sometimes, all the criminals need to do to break into your account is to steal the login credentials.

How do cybercriminals steal passwords?

Password theft could actually be much easier than password cracking. Sometimes, the users are too negligent. In other cases, the service providers are at fault. It must be said, however, that attackers are good nowadays, and they are not to be underestimated. Here are some of the techniques they can use to get their hands on your passwords.

  • Data breaches. It is a shame that in the 21st century, some online service providers have yet to come to grips with the task of securely handling users' login credentials. If sensitive data is stored correctly, hackers shouldn't be able to see it, even if they do manage to get their hands on it. Unfortunately, we've seen leaked passwords that have been hashed with weak algorithms or left in plain form. We've also seen sensitive data that's been put in a database and left completely unsecured and exposed to the Internet. In such cases, the hackers don't actually need to hack into anything. They just need to hit the Download button.
  • HTTP. When you press the Login button on a page, your password and your username are sent to the server hosting the website which checks whether they're correct. Before they get to that server, they travel through a number of different hubs, and they can be intercepted. That's why the shape in which the data travels is extremely important. If you see HTTPS, along with a green padlock in the address bar of the browser, your login credentials will be encrypted before they're sent on their way, and if hackers steal them in mid-flight, they won't be able to read them. If, on the other hand, you see HTTP at the beginning of the URL, every piece of information will be sent in plain form which means that it can easily be abused.
  • Poorly configured free Wi-Fi networks. Once again, encryption is involved, only this time, it's between your device and the router in a hotel or a café. Wi-Fi is ubiquitous nowadays, and it must be said that its security has evolved over the last decade. That said, there are vulnerabilities even in the most recent protocols that encrypt the data between your device and the router. Exploiting them is not easy, and a hacker probably wouldn't bother trying to compromise your home network. When it comes to public wireless routers that handle the data of tens and probably hundreds of users, however, it's a bit of a different story.
  • Phishing. Last but not least, we've got what is perhaps the simplest and easiest-to-pull-off type of cyberattack. Criminals love it so much because it aims to exploit the user. And no matter how many security precautions have been taken, if the user isn't careful enough, a successful attack is not only possible but likely. Blaming the regular people is easy, but it must be said that the phishers' techniques are becoming more and more sophisticated, and it's sometimes extremely difficult to spot that you're actually giving your credentials away to the crooks.

How can you protect your passwords from thieves?

Now that you know what crooks can do to steal your password, it's time to find out what you can do to protect it.

  • When it comes to data breaches, not everything is under your control. After all, it's up to the vendor to ensure that its systems are secure and that the information is correctly stored. What you can control, however, is who you give your data to. Try to use trusted providers only, and don't create any online accounts unless you really need to.
  • We're in quite a lot of hurry nowadays, and when we navigate through different websites, security isn't the first thing on our minds. We have to change this, and one of the first steps is to take a peek at the address bar every time we enter our usernames and passwords. Look for the green padlock and the HTTPS protocol. HTTPS alone can't guarantee that your password won't be stolen, but without it, you can be almost certain that sooner or later, the crooks will get their hands on it.
  • Avoid public Wi-Fi networks. Yes, cafés and hotels set up wireless networks for the sake of their clients' convenience, but they did it back when the adversaries had fewer resources and less knowledge. There's a heap of threats associated with free Wi-Fi, and if you do need to use it, make sure that your browsing doesn't involve any sensitive or private information. If it does, a trusted VPN service is the way to go.
  • This inbox of yours could be hiding some pretty nasty things. Don't open any files or links you don't trust. Look carefully at who is sending the message, but even if the address looks legitimate, regard it with suspicion. If the email is saying that you need to change a password or validate an account that already exists, don't click any links in the message. Open a browser, type in the URL manually, and, after checking again for the green padlock, do what you need to do.

All the measures we've listed so far are preventive. Applying them will certainly help you build a better security posture, but even that might not be enough under some extreme circumstances. There are two other things you can do, however, to make sure that if all else fails, the damage will be contained.

  • Enable Two-Factor Authentication (or 2-step verification). Two-Factor Authentication is a relatively simple mechanism that can protect you in case the crooks have your username and password. See how it works, check if the providers you use offer it, and make sure that it's on.
  • Start managing your password properly. It's not easy, not when you try to do it on your own. But, as we mentioned already, when your passwords are complex, the hackers won't be able to crack them, and when they're unique, a single stolen password won't jeopardize all your online accounts. To help people take control of their passwords, we created Cyclonis Password Manager. It's a free tool that encrypts and stores login credentials, profile and payment information, and other sensitive data. To read more about Cyclonis Password Manager click here.
By Duran
May 31, 2018
Tips
English
May 31, 2018
Tips

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Password Security

What Does Cyclonis Password Manager Do to Protect Your Passwords?

You probably know already that using Cyclonis Password Manager gives you the convenience of having your usernames, passwords, payment methods, and a whole host of other sensitive information available just a few... Read more

April 3, 2018
How To

How to Protect my Passwords From Being Hackable?

There are a lot of things users can do to improve their online security and decrease the chances of becoming the victims of online attacks. Here are just a few anti-hacking counter-measures that can be taken by... Read more

March 30, 2018
How To

Importing Your Google Chrome Passwords Into Cyclonis Password Manager

Without a web browser, visiting your favorite websites would be impossible. In addition to turning hundreds of lines of code into web pages full of cat pictures, however, modern browsers like Google Chrome can also... Read more

March 20, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.