Hackers steal passwords in data breach 101
Rarely a week passes without news of a breach or a friend revealing their account has been hacked.
It’s only natural that you ask yourself: “Why does it keep happening?” How do criminals steal credentials from accounts? How can I protect myself from pwned credentials?
Let’s start with the first two questions. Hackers use the following techniques:
Phishing and social engineering
The goal of social engineering is to trick you into divulging personal information, such as your phone number or password. An attacker may pose as someone that you trust or know, such as your boss, bank or old college friend, and trick you into sharing personal information.
Every time hackers do this, they are “phishing” for information. Social engineering can be carried out via email, text, or phone (known as “vishing”). The attackers will send out phishing emails in bulk to hundreds or thousands of recipients, in the hope that some will be tricked.
Credential stuffing and password leakage
Hackers don’t sit at their computers testing different passwords to gain access to your account. This is too time-consuming, and they would likely get locked out of your account after several unsuccessful attempts. Instead, they try credentials that were leaked in previous security breaches.
The average user rarely changes their password. If attackers have the username and password for an old MySpace account, it’s likely that those credentials will also work with Yahoo. Hackers use special software to check stolen credentials across the internet. This type of attack is called credential stuffing.
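A defender's view of the contrast described above, as an added example that is not part of the original article: per-account lockout catches repeated guesses against one account, but credential stuffing shows up as a single source failing against many different usernames. The log events, thresholds and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events: (source_ip, username, success).
# IPs come from documentation ranges; usernames are made up.
EVENTS = (
    [("203.0.113.7", f"user{i}", False) for i in range(7)]  # one try per leaked login
    + [("203.0.113.7", "dana", True)]                       # a reused password works
    + [("198.51.100.20", "erin", False)] * 2                # ordinary typos...
    + [("198.51.100.20", "erin", True)]                     # ...then a normal login
    + [("192.0.2.50", "frank", False)] * 6                  # guessing on one account
)

LOCKOUT_THRESHOLD = 5   # assumed: failures per account before lockout
STUFFING_THRESHOLD = 5  # assumed: distinct failing usernames per source


def locked_accounts(events, threshold=LOCKOUT_THRESHOLD):
    """Accounts a classic per-account lockout policy would lock."""
    fails = defaultdict(int)
    for _ip, user, ok in events:
        if not ok:
            fails[user] += 1
    return {user for user, n in fails.items() if n >= threshold}


def stuffing_sources(events, threshold=STUFFING_THRESHOLD):
    """Sources that failed logins against many *different* usernames."""
    users = defaultdict(set)
    for ip, user, ok in events:
        if not ok:
            users[ip].add(user)
    return {ip: len(u) for ip, u in users.items() if len(u) >= threshold}


def accounts_to_reset(events, threshold=STUFFING_THRESHOLD):
    """Accounts that logged in successfully from a flagged source."""
    flagged = stuffing_sources(events, threshold)
    return {user for ip, user, ok in events if ok and ip in flagged}


if __name__ == "__main__":
    print("locked out:", locked_accounts(EVENTS))
    print("stuffing sources:", stuffing_sources(EVENTS))
    print("force password reset:", accounts_to_reset(EVENTS))
```

Lockout alone only reacts to the six guesses against one account; the stuffing source never trips it because it tries each username once.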
Dictionary attacks for cracking password hashes
Imagine that an attacker finds a password database. The only problem is that every credential was scrambled using a hashing algorithm for security. An attacker can run every possible password through the most common hashing algorithm and check whether the results match anything stored in the database. This is not a very efficient method.
Attackers will instead guess passwords using common words or phrases, hashing each guess and comparing it with the stored hashes. When a guess matches, the attacker has recovered the password and can access the account or see whether it works on any other accounts.
We’ve already covered the ways hackers can steal passwords. What can you do now to protect yourself from these attacks and other data breaches?
Use a unique password for each service
Use strong passwords that are unique for each account. That way, even if the data on one website is compromised, your other accounts will remain secure. A password manager is a better option than trying to create and remember hundreds of passwords. Use 1Password’s built-in password generator to create secure passwords that are suitable for all websites, including Amazon.com and Gmail.
Enable multi-factor authentication
Multi-factor authentication adds another layer of protection to online accounts. After enabling it, you will need to provide a second factor (usually a time-limited code) in addition to your username and password. 1Password tells you which websites support multi-factor authentication and can act as an authenticator, copying and then auto-filling the special codes.
Watchtower helps you stay on top of the latest security threats
Watchtower alerts you to data breaches, as well as other security problems that may affect the items saved in 1Password. This includes websites where you have weak or reused passwords, and services where you have yet to use passkeys. Follow the Watchtower notifications to improve your security.