Despite being a common go-to in cybersecurity, passwords have become an insufficient security measure in recent times. In 2022 alone, cybercriminals exposed over 24 billion passwords, most of which were likely due to weak, reused, or stolen credentials. Therefore, it’s time to rethink our password strategies.
In this blog, we’ll explore the most common password security threats and how to defend against them.
Poor password habits
Many people have weak password habits, putting their online security at risk. A prime example is using the same password or a variation of it across multiple accounts. According to the 2022 Psychology of Passwords Report, 89% of respondents recognized this practice as risky, but only 12% used unique passwords. The majority (62%) admitted that they rely on the same password, or a variation, for everything. While convenient, password reuse significantly increases the risk of a compromised password exposing all other accounts using that password.
Another poor password habit is using weak passwords such as “12345” or “password” and those that contain easily searchable personal information such as birthdays or names of family members. Such passwords are vulnerable to brute force attacks, where cybercriminals systemically try various combinations until they find the right one.
To stay safe online, use passwords at least 12 characters long and create unique codes for each account.
A majority of respondents admitted that they rely on the same password, or a variation, for everything.
Credential stuffing
To bypass legitimate logins, cybercriminals might resort to credential stuffing. This cyberattack involves using automated tools that leverage stolen username and password combinations from previous data breaches, inputting these stolen credentials into various websites or online services in an attempt to gain unauthorized access. Since many people reuse passwords across different accounts, cybercriminals typically have a good chance of success.
To combat credential stuffing, consider enabling multifactor authentication (MFA) for your accounts. MFA adds an extra layer of security by requiring users to present more than one proof of identification. This way, even if cyberattackers have stolen your login credentials, they would still need to fulfill the additional verification steps to successfully log in to your accounts.
Malware attacks
Cybercriminals often install malicious software (i.e., malware) onto computer systems to try to steal users’ login information.
One such malware is keyloggers, which record every keystroke you make, including the credentials typed into login forms. With this stolen information, cybercriminals can gain unauthorized access to your accounts or sell your credentials on the dark web.
Spyware works similarly, installing itself onto a device without the user’s knowledge to collect and transmit personal information, including your browsing activity, back to the cybercriminals.
To combat keyloggers, spyware, and other malware, you should invest in reliable antivirus software and keep it up to date. An antivirus detects malware and removes them before they cause harm.
Additionally, be cautious when downloading and installing software or clicking on links from unknown sources, as these can be a breeding ground for malware.
Social engineering
In social engineering attacks, cybercriminals manipulate users into divulging private information, such as passwords or other sensitive data.
A common social engineering attack is phishing, which typically involves sending deceptive emails, messages, or websites designed to impersonate legitimate organizations or individuals. Phishing messages often contain links or attachments that, when clicked or opened, lead to fake login pages where unsuspecting users are prompted to enter their passwords. This information is then captured by the cybercriminals, granting them access to the person’s account.
To protect yourself from social engineering attacks, it’s crucial to remain vigilant and skeptical of unsolicited requests for personal or sensitive information. Always verify the legitimacy of requests by contacting the organization or individual directly, rather than responding to the communication in question.
If you’re looking to improve your cybersecurity, our IT experts at SpectrumWise can help. We offer a wide range of security solutions, from proactive network monitoring to the latest firewall software. Schedule a consultation with us today.