Computer Security Technology Ltd

+44 (0)20 7621 7836

December 15, 2013

One cracker to avoid this Christmas

'Tis the season to be jolly but that won't stop the determined cyber criminal from trying to steal your personal details. So here are some tips on how to avoid the 'password cracker' this Christmas.

Password crackers are becoming increasingly efficient at what they do, helped along by more sophisticated software, previous hacks and lazy password choices. So here are some things to bear in mind the next time you’re asked to create a user account on a new website.

How not to choose a password

This month, BBC security researcher, Per Thorsheim, reported that previous hacks and the resulting password lists that have been exposed online have given password crackers a greater understanding of what types of passwords people use.

It seems that despite warnings not to pick a password containing personal information, many users still choose words, phrases and numbers that link directly back to them. For example, pets’ names, birthdays, children’s names, house numbers, street names or favourite pop stars are all popular choices.

Intelligent targeted attacks

Mr Thorsheim went on to explain how crackers no longer rely on raw computer power to crack passwords. He said that ‘brute forcing’ is the last tactic crackers would use today because, even with technological advances, it is still virtually impossible for computers to guess billions of passwords within a relatively small amount of time. Instead, it is much easier for crackers to use personal information left on the web by the user to work out what their password is likely to be.

Today, attacks are likely to be more targeted, scouring social media for words, names and dates associated with a victim. Knowing the names of someone’s children, pets, parents or street can help unpick a password very quickly.

Ensure you use more than one password

Ultimately, the bad guys know it’s worth doing whatever is necessary to crack the first password because our natural laziness makes us such lucrative prospects.

Reports state that up to 70% of username and password combinations are used on multiple websites, which means if a hacker can establish your login to one site he has a fair chance of logging in to others too using the same details.

This is the reason that many cyber criminals target smaller sites with less security protection in order to access a list of passwords that can then be used to access other online services such as personal bank accounts.

So, if you want to avoid the clutches of password hackers, PLEASE consider these suggestions:

1) Only use words that are vaguely associated with you - not directly related to you.

2) Ensure the passwords you use for high risk accounts such as internet banking and credit cards are never used anywhere else.

3) Consider using a phrase to create a complex password. For example, ‘I started work for Acme Ltd on the 12 July 1999’, taking the first letter of each word, becomes Iswfoalot12j1999, and one step further would be to replace, say, an ‘s’ with a ‘$’, resulting in a very strong password, which becomes “I$wfoalot12j1999”. You may well forget the password, but by remembering the more memorable phrase, you can quickly recreate the strong password.

4) Ensure your staff are aware of the Do’s and Don’ts, especially those with access to company electronic banking privileges: for example, how to recognise a fake or bogus bank portal, and never to divulge full PINs, full pass phrases or full passwords. Educating staff and getting them ‘onside’ provides another line of protection. Arguably one of the best forms of defence is a well-informed workforce.

Please call us or email on info@cstl.com if you want more advice or suggestions on how to defend against cyber fraud.