How Passwords Are Stolen? - GoTechTalk


Friday, July 24, 2020

How Passwords Are Stolen?

Online passwords can be a little trickier to manage. Many users have tons of them to keep track of, and they're stored on a bunch of servers somewhere instead of being a physical thing you carry around in your pocket, which gives miscreants more opportunities to pry into your online life.

How exactly do passwords get stolen? I mean, they're supposed to be encrypted, right? Well, yes, but you might be surprised to know that many times passwords aren't stolen by some crack group of cybercriminals using super fancy hacking techniques. Instead they are harvested through social engineering methods, where the bad guys will straight-up ask for someone else's password. This usually takes the form of a phishing attempt, where some malcontent will send you an email or a Steam message that claims to be from your ISP or your bank, asking you to send your login credentials for some vague security-related reason.

There's a similar concept called tabnabbing, where you actually get redirected to a fake website that's built to look as much like the real thing as possible, and you enter your login information because the page looks official.

Even if you're tech-savvy and smart enough to realize what's going on when you see a phishing attempt, it's still quite easy to inadvertently click links in scam emails or on dodgy websites that install keyloggers on your system and send everything you type, including passwords, back to an attacker. Keyloggers don't require a whole lot of technical expertise to use, making them a popular choice for amateur online thieves.

Once someone unscrupulous has your username and password combo, it's quite easy for them to use automated tools that will try your credentials on lots of different websites. Since statistics have shown us that over half of all Internet users reuse the same password on multiple sites, there is a distinct possibility that if your password for one site is stolen, your other accounts could be compromised as well.

But let's suppose you're quite careful about phishing and suspicious links, and you use a unique password for every site. Exactly how safe are you?

Well, if an attacker exploits vulnerabilities in a server's security and is able to find encrypted passwords, they could break the encryption if it's not sufficiently strong or if the passwords themselves aren't very long. This is a common way that password dumps, which leak your credentials to the entire Internet, can happen. Even a mid-range modern home computer can guess millions of passwords per second, and billions if it uses a discrete graphics card, meaning that many passwords can be cracked within just a few days or even hours if you're using commonly used words or phrases. But you obviously don't have much control over how the sites that you use store your passwords.

Spoiler alert: passwords like "qwerty" and "123456" are terrible ideas, and yet they're used all too often and are very easy for attackers to guess.
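To put numbers on the guessing speeds described above, and to show what the storage side can do about them, here is an added example that is not part of the original post. It assumes round rates of 1e6 and 1e9 guesses per second for "millions" and "billions", an assumed storage scheme of salted PBKDF2-HMAC-SHA256 with 600,000 iterations, and a rough model in which an N-iteration hash makes each guess about N times more expensive.

```python
import hashlib
import hmac
import os

# Assumed round numbers for the article's "millions" (CPU) and "billions" (GPU)
# of guesses per second against a fast, unsalted hash.
CPU_RATE = 1e6
GPU_RATE = 1e9

def worst_case_seconds(alphabet_size, length, guesses_per_second):
    """Seconds needed to try every password of this length and alphabet."""
    return alphabet_size ** length / guesses_per_second

def slowed_rate(raw_rate, iterations):
    """Rough model (assumption): an N-iteration KDF costs about N fast hashes per guess."""
    return raw_rate / iterations

def hash_password(password, iterations=600_000, salt=None):
    """Store a salted, deliberately slow PBKDF2 hash instead of a fast digest."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password, stored):
    """Recompute with the stored salt and work factor; compare in constant time."""
    scheme, iterations, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

if __name__ == "__main__":
    # Constructed sample cases: (label, alphabet size, length)
    cases = [("6 digits, like 123456", 10, 6),
             ("8 lowercase letters", 26, 8),
             ("12 printable ASCII", 94, 12)]
    for label, alphabet, length in cases:
        fast = worst_case_seconds(alphabet, length, GPU_RATE)
        slow = worst_case_seconds(alphabet, length, slowed_rate(GPU_RATE, 600_000))
        print(f"{label}: {fast:.3g} s fast hash, {slow:.3g} s with PBKDF2")
    record = hash_password("correct horse battery staple")
    print(record[:40] + "...", verify_password("correct horse battery staple", record))
```

These figures are worst cases for trying every combination. Commonly used words and passwords fall much faster, because they sit at the top of any guess list.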
