Someone Had to Say It

Passwords. It seems like we have to change them all the time. They are a pain in the butt to create on the spot and to remember. It also seems every place you create a password has its own rules. Upper case this, special character that, and my favorite, it must contain multiple numbers. Bah!

How to Get Hacked

Picture a hacker you’ve seen in a movie jamming away on a keyboard in a dark room cast in the glow from the computer screen. And after a brief moment the hacker looks up and says, “I’m in.” Now come back to reality. This never happens. Ever. Imagine being able to list off the winning lotto tickets for the upcoming lotto. If you could do that you wouldn’t be reading this because you’d have better things to do. This is basically what movie hackers are doing.

Let’s first gain an understanding of how hackers... and I am going to stop us there. The word hacker is used as a catch-all for any activity we don’t understand on the computer. So let’s call these people who try to steal people’s passwords and information what they are. Criminals. Online criminals.

So how do online criminals crack passwords? There are typically 2 ways. Way number 1 is called a dictionary attack. Basically, criminals pick a user name/email address and they throw the dictionary at the password field, so to speak. They are not using the 2007 Webster’s dictionary in your mom’s basement; they are using a text file that has a list of words, including common things people use as passwords. So essentially they run a program that throws the words in their dictionary at the password field until it cracks. It may run for hours and hours depending on the strength of the password on the account. After trying each word, it will switch to combinations of words, and words and numbers, and letters and so on until it cracks. Here’s the bad news. Every password can be cracked; it’s just a matter of time. Here is the good news. The more difficult your password is to crack, the more likely the criminal will move on to another user, hoping to get quick, easy access. So, if your current password is password, your account can be cracked in less than a minute, as soon as the dictionary gets to the P’s.

I know what you’re thinking, and yes, you can make it nearly impossible for criminals to get access to your accounts. But you have to have something set up, which we will talk about shortly.

Way number 2 that criminals crack passwords is by using a program called a keylogger. Essentially, it is malicious software that somehow gets installed on a computer and reports every key you hit on the keyboard and in what order you hit it. Hence, when you go to sign into your email, you’d type your email address first and then, immediately after that, your password. That is all it takes. The criminal can read through the report and find everything they need.

How to Not Get Hacked (or Make You a Harder Target)

Let’s talk passwords for a minute. I would recommend that you:

  • Mix the case of your password, meaning use raNdOM uPPeRCasE letters in your password

  • Have it be at least 8 characters long but not all one word

  • Use special characters but not as a letter, meaning P@ssw0rd is not a good choice because that is probably already in a criminal’s dictionary

  • Use words in an obscure language like Hawaiian, Icelandic, Welsh, and so on. Seriously. Not only is it fun to learn words in a different language it makes it harder to crack
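
The recommendations above can be turned into a quick self-check. The following is an added example, not part of the original post: the wordlist is a small constructed sample, and the function names and look-alike table are assumptions chosen for illustration. It shows why P@ssw0rd satisfies the usual length, case and special-character rules and still reduces to a word that is already in the dictionary.

```python
import re

# Constructed sample wordlist; a real check would load a large list of
# common and previously leaked passwords.
COMMON_WORDS = {"password", "letmein", "dragon", "monkey", "sunshine", "welcome"}

# Look-alike characters that cracking dictionaries already account for.
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l",
                            "3": "e", "$": "s", "5": "s", "7": "t"})

def _strip_padding(text):
    """Drop digits and punctuation tacked onto either end ("dragon2024!")."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", text)

def base_words(password):
    """Return the plain words this password reduces to."""
    lowered = password.lower()
    return {
        _strip_padding(lowered.translate(LOOKALIKES)),  # "$unshine" -> "sunshine"
        _strip_padding(lowered).translate(LOOKALIKES),  # "Dragon2024!" -> "dragon"
    }

def weaknesses(password, wordlist=COMMON_WORDS):
    """List the rules from the article that the password fails."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("no mix of upper and lower case")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if base_words(password) & set(wordlist):
        problems.append("common word behind look-alike characters or padding")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("password", "P@ssw0rd", "Dragon2024!", "mAhaLo#keIki7Nui"):
        print(f"{pw!r}: {weaknesses(pw) or 'passes these checks'}")
```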

So how do I avoid a keylogger? First off, don’t install software from any unknown sources, ever. Second, make sure you have a halfway decent antivirus/antimalware/antispyware program installed on the computer. That should really be all you need.

How to Not Get Hacked (Just About Bulletproof)

The best way to secure anything is through 2 factor authentication. That means that you would have to do 2 things to access an account. Like a password and a PIN, or a PIN and a fingerprint. If you have the ability to set these things up, I would highly recommend it.

If you do not have the ability to set up 2 factor authentication, don’t worry too much as long as you have a good strong password. There are a couple of other things to consider: why do you think you would be a target out of millions of people, and what are the accounts you are concerned about being compromised? The truth is that online criminals are usually trying to hack into the big institutions to get a list of their user base and user data. It is very, very unlikely that there is a criminal out there who wakes up today and says, “I am going to try and hack today.” It really doesn’t work like that. The way that individuals are targeted is through phishing and social engineering.

While this is obviously an exaggeration, this type of thing is happening all day every day to billions of people worldwide. It is called phishing because it doesn’t work on billions of people, but it does work on a couple hundred thousand of them. 100K x $200 = 20M. Just like real fishing you don’t get bites every time, but you do get bites.

To protect yourself from phishing, look at every random email very suspiciously. Check the sender’s email address. Any government institution will end in .gov. Like not like see the difference? Trickery. To simplify it, the government is not efficient enough to send emails; if it were important, you would get a letter. Things don’t move that fast in the government. When in doubt, throw it out.
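
The sender check described above can be automated. This is an added example, not part of the original post: the function names are assumptions, the From headers are constructed samples, and agency.gov is a made-up placeholder. It shows the three tricks that a glance at the sender line tends to miss.

```python
from email.utils import parseaddr

def sender_domain(from_header):
    """Return the lower-cased domain of the real address in a From header."""
    _display_name, address = parseaddr(from_header)
    if address.count("@") != 1:
        return None
    return address.rsplit("@", 1)[1].lower().rstrip(".")

def claims_gov_sender(from_header):
    """True only when the address itself, not the display name, ends in .gov."""
    domain = sender_domain(from_header)
    return domain is not None and domain.endswith(".gov")

# Constructed From headers; agency.gov is a made-up placeholder name.
SAMPLES = [
    '"Benefits Office" <notices@agency.gov>',        # address really ends in .gov
    '"notices@agency.gov" <notices@mail.example>',   # .gov only in the display name
    'Benefits Office <notices@agency.gov.example>',  # .gov buried mid-domain
    'Benefits Office <notices@agency-gov.example>',  # look-alike with a hyphen
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(claims_gov_sender(header), header)
```

A passing result only describes what the From header claims; the header itself can be forged, so "when in doubt, throw it out" still applies.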

And in the End…

Your accounts are your responsibility. There are some great tools out there for managing and remembering your passwords for you. You can do a quick web search for Password Manager and find some free options. Companies like Google are using every tool on their end to help users secure their accounts by looking out for any suspicious logins, but it really is everyone’s responsibility to ensure the security of their accounts. Make sure your password is good and strong, use two factors if you can, don’t click weird links in emails or install software from unknown sources, and for the love of God do not give strange people on the internet money. Stay safe out there, friends!