November 9, 2018
Passwords Aren't Enough: History of Passwords, Malware and More
November 9, 2018
Passwords are secure keys that we have to remember to access some document securely, online or offline. Sometimes they may be the only obstacle between a hacker and you. Today, password security is employed by all major sites across the internet and even in the local accounts of your PC, Laptop or Phones.
Although there are many methods of cracking a password being developed every day, all of these squares down to two basic types:
There is also another type of cracking called Birthday attack in which an algorithm tries all of the possible combinations of your birthday as your password. This method is implemented to crack numeric passwords and is insignificant for long passwords that allow letters, symbols, etc.. and so I am not talking about it so much in this article.
DO NOT USE PART OF YOUR BIRTHDAY AS A PIN NUMBER!
In brute-force, the algorithm tries all the possible combinations to figure out the password using letters, symbols, and numbers. This type of attack never fails! But for longer passwords, this type of attack consumes years to complete even with the most advanced computers existing. So it is not worthy to implement brute-force and sit years wishing it would be cracked. Although this method may be excellent to passwords 6 – 8 characters long.
USE A LENGTHY PASSWORD (PREFERABLY 16 TO 32 CHARACTERS LONG)
Part of Password may be Known
But this secure nature of long passwords to brute-force is lost if the attacker has some information like the knowledge of a part of a password. E.g. if your password is very long like qseftg@#acfe3859, this can be very hard to crack for a normal brute-force attack. Now consider the attacker knows your password starts with qseftg@#acfe. He already saved himself from brute-forcing for the first twelve characters. He would move on to crack only the remaining four chars and your 16 chars long pass breaks down to 4 chars.
NEVER SAY A CLUE OF YOUR PASS TO SOMEONE
Now, consider the attacker knows that the remaining part of your pass is just numbers. He will then only try brute-force with numbers, which even a kid with a PC can crack in seconds. In such a scenario, your password provides close to no protection at all.
The arrival of Quantum Computers
This already messy brute-force security becomes even more complex with the arrival of quantum computing. To a quantum computer, our 16, 32, 64 characters long passwords is just like cracking a 1, 2 or 3 characters long password for a traditional PC.
AS OF NOW, WE NEED NOT WORRY ABOUT THIS, BUT IN THE FUTURE, WE WILL NEED TO STRESS ON THIS
In dictionary attacks, an attacker tries to break the password using all the combinations of words found in a dictionary. People who keep passwords containing meaningful words are prone to this.
INCREASE PASSWORD SECURITY BY MAKING YOUR IT COMPLETELY RANDOM. DON’T USE WORDS FROM A DICTIONARY.
Viruses and Malware
Now, there are a lot of viruses, Trojans, worms etc.. out there that can steal the passwords you use instantly to your attacker. Please wait before you jump in and say, hey! I got the premium version antivirus! Read Below:
Do Anti-Viruses Matter?
All or most of our antivirus programs work on definition based protection. In this, when an attacker creates a harmful program, a.k.a. Mr. Virus and attacks people, popular antivirus companies detect this new type of program and provides the ‘knowledge’ or ‘definition’ about this to your antivirus program so that if it sees the program in your PC, the antivirus software removes it.
But the threat has to be figured out at the first place. Someone needs to be attacked for the information on the existence of such a new type of problem be known and companies create definitions on it. It has no point if you are the first one to be hit.
IT IS RIGHT THAT HAVING SOME PROTECTION IS BETTER THAN HAVING NOTHING. I DON’T SAY NOT TO USE THE ANTIVIRUS. I JUST MENTIONED NOT TO BE OVERCONFIDENT AS TO GO DOWNLOAD MALWARE THINKING YOU’RE PROTECTED. YOU ARE NOT.
Popular companies are trying to use features like machine learning and artificial intelligence to tackle this problem. This is a threat that requires urgent solutions and cannot be delayed.
Threat of Ransomware
Remember the Wanna cry ransomware attacks? Millions of people lost their PC’s to hackers because they didn’t update their PC’s at the right time and of running old Windows XP.
KEEP YOUR PC UPDATED AT ALL TIMES. THIS APPLIES TO ALL YOUR SOFTWARE AS WELL AS HARDWARE. WINDOWS GIVES UPDATES EVERY SECOND TUESDAY OF A MONTH. ALWAYS KEEP WINDOWS UP-TO-DATE.
New ransomware is getting more and more common all we can do against ransomware is to stay alert and not to accept downloads from unknown sources.
The New 2 Factor Authentication
Now every one of us heard of the new scheme of 2 factor or 2nd-factor authentication. Even if an attacker knows your password, he has to enter the code sent by your website to login. Thinks Like protection at fingertips huh? Think again.
Threat to OTP
Recently, a team of cyber researchers shown that we can easily intercept an OTP message sent by using the proper tools. This means that if your credit card is stolen, the OTP, which may be the only line of defense offers a meager protection.
ENABLE OTP WHEREVER POSSIBLE. DON’T HESITATE. EVEN IF IT IS HACKABLE, IT ADDS AN EXTRA LAYER OF PROTECTION.
It is true that the field of cybersecurity and passwords are a little ‘MESSY’. What we can do is to be alert at all times and prevent any unusual leak of information. Protect your information wherever possible. Here are some final tips to help you with password security:
- Do not include your name, birthday, place, etc.. or any other personal data in passwords.
- Use a password 16 to 32 characters long.
- Make your passwords completely random.
- Remember a few ’MASTER PASSWORDS’ and use a password management software for others. E.g. KeePass, Last Pass, Dash lane, etc…
- Don’t give any clue on your pass to anyone.
- Use an antivirus software.
- Keep your systems updated.
- Enable 2-factor authentication wherever possible.
Thanks for reading this article.