3 Tactics Hackers Use to Steal Passwords


Passwords, a basic yet essential part of cybersecurity, are the first line of defence against cyberattacks in our increasingly digital world. However, according to research from Check Point Software, many users are under the false impression that cybercriminals have no interest in their personal information or data on their computers.

And it is for this reason that the robustness and strength of passwords are more important now than ever. With that in mind – thanks to Checkpoint – here are three of the tactics used to steal passwords along with the necessary steps to prevent any person from becoming a victim of cybercrime:

1. Phishing attacks

This method has become one of the most widely used tactics for stealing passwords and usernames. It works in a simple way: by sending an email that appears to come from a trusted source (such as banks, energy companies, etc.), but aims to manipulate the recipient and extract confidential information.

An example of a successful phishing attack was the data breach at Experian, where a fraudster purported as a legitimate client obtained the personal information of as many as 24 million South Africans and nearly 793,749 business entities.

One of the best ways to prevent a phishing attack is by implementing a two-step authentication. This extra layer of security prompts the user to enter a second password, which is usually sent via SMS. This way, access to an account is prevented even if they have the user’s credentials.

2. Brute-force or dictionary hacking

This type of cyber-attack involves trying to crack a password through repetition. The cybercriminals will try multiple random combinations, combining names, letters, and numbers, until they gain access.

To prevent them from achieving their goal, it is essential that users create complicated and complex passwords that cybercriminals would never be able to guess randomly.

To do this, it is necessary to leave out names, dates, and common words. Instead, it is best to create a unique password of at least eight characters that combine letters (both upper and lower case), numbers and symbols.

3. Keyloggers

These programmes are capable of recording every keystroke made on a computer and even record what is displayed on the screen. This information is then sent and stored on external servers, then used by cybercriminals.

These cyber-attacks are commonly part of malware that is been previously installed on a computer. The worst thing about these attacks is that many people often use the same password for different user accounts.

To prevent this, it is essential to use a different password for each profile or account. To do this, a password manager can be used, which allows both managing and generating different and robust password combinations for each service based on the guidelines decided upon.

Edited by Jenna Delport
Follow Jenna Delport on Twitter

Follow IT News Africa on Twitter