How Hackers Exploit Weak Password Vulnerabilities
- Aug 09, 2017
- Guest Author
The “password” is one of those seemingly foolproof ways to protect your online valuables. Like a secret word between you and a trusted friend, it’s meant to keep your business private and keep nosy friends, co-workers, bosses, and significant others from prying into it. As it turns out, they’re the least of your problems (relatively speaking). Our expert penetration testers have proven as much.
Many of us have taken the password system for granted and have used it incorrectly, and it’s not so much our fault as a lack of education. How are we, regular individuals, supposed to know about hackers? As one of our team members put it:
“Passwords used to be easy. Online providers didn’t ask for much. ‘Pick a password between 6-12 characters,’ they asked. Easy enough. Personally I used dictionary words such as prunes. When newfangled apps came along, they demanded I include a number in my password, so my go-to password then became ‘prunes1.’ Then, as new technologies came along and more hackings happened, my bank started demanding that I incorporate at least one capital letter in my password, in addition to one of these odd characters: !@#$%, so I upgraded my password to ‘Prunes1$’ and so on. What a headache! With that said, I used the same password for my email, bank account, school account, Paypal, Amazon, eBay, everywhere, so it still wasn’t too bad. But then I started working for a cybersecurity company, and oh the horror when the reality of it hits you. Someone out there knows everything about me, and I don’t know how my information is being utilized.”
The goal of this blog post is to help you learn how hackers exploit weak passwords, the consequences, and gain best practice recommendations to improve the password management in your personal life and your organization.
Note: This blog post is but a shadow of a great webcast recently held by our Head of Security Research and top Ethical Hacker, Shawn Evans. The webcast includes a sample kill chain on how a hacker can attack via a compromised password. To watch the “How Hackers Exploit Weak Passwords” webcast, click here.
So, to begin with, why even bother? What are the consequences of having weak passwords? From an organization’s point of view, weak passwords can:
These are significant consequences that could potentially bring your organization to its knees, and that is not an exaggeration. A good majority of small to medium businesses close down within two years after a data breach. By extension, your personal accounts and immediate family could suffer from these consequences as well if the attacker pursues your PII (Personally Identifiable Information).
So, what makes a password hackable? Here are the top six hacker go-to’s when trying to hack your password:
If you look closely, this is human nature at work. People want convenience. Hackers rely on this knowledge when hacking. When trying to guess passwords, they’re looking for that one person who uses “Password1” on their account, then escalate privileges from there.
So with that in mind, what makes a password secure?
It might seem excessive, but this is really the only way to protect your data. Hackers have a variety of ways to try to access your account. The two primary ways they do it are by guessing your password (trying candidates against the live login, where lockouts and rate limits apply) or by cracking it (hashing candidates offline against a stolen password database, where nothing limits the attacker but hardware). What’s the difference?
Password Guessing
Password Cracking
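The following is an added example, not code from the original post or from NopSec’s webcast. It illustrates the guessing-versus-cracking distinction above in miniature: a toy credential store (constructed sample users and passwords, salted SHA-256 for speed; real systems should use bcrypt/scrypt/Argon2), an offline cracker driven by the same “ratchet” of mangling rules the team member describes (word, word+digit, Capitalized, Capitalized+digit+symbol), an online-guessing simulation that shows why attackers spray one guess across many accounts rather than hammer one, and a policy-side check that rejects anything those rules would generate. All user names, the dictionary, and the lockout threshold are assumptions for the demo.

```python
import hashlib
import os

# Constructed sample: salted SHA-256 is used only so the demo runs instantly.
# Production stores should use a slow, memory-hard hash (bcrypt/scrypt/Argon2).
def hash_password(password: str, salt: bytes) -> str:
    return hashlib.sha256(salt + password.encode()).hexdigest()

# Assumed tiny dictionary; real wordlists run to millions of entries.
SMALL_DICTIONARY = ["prunes", "summer", "welcome", "password", "dragon"]


def mangle(word: str):
    """Yield the human mangling of a base word in the order a policy ratchet
    produces them: bare word, digit suffix, Capitalized, Capitalized+digit+symbol.
    This is a miniature of the rule engines in hashcat / John the Ripper."""
    yield word
    for d in "0123456789":
        yield word + d
    cap = word.capitalize()
    yield cap
    for d in "0123456789":
        yield cap + d
        for s in "!@#$%":
            yield cap + d + s


def crack(store: dict, dictionary) -> dict:
    """Offline cracking: every candidate is hashed locally against the stolen
    (salt, digest) pairs. No login endpoint is touched, so lockouts and rate
    limits never apply; only the hash cost slows the attacker down."""
    cracked = {}
    for user, (salt, digest) in store.items():
        for word in dictionary:
            hit = next((c for c in mangle(word) if hash_password(c, salt) == digest), None)
            if hit is not None:
                cracked[user] = hit
                break
    return cracked


class LoginService:
    """Toy login endpoint that locks an account after `lockout` failures."""

    def __init__(self, store: dict, lockout: int = 5):
        self.store = store
        self.lockout = lockout
        self.failures = {u: 0 for u in store}
        self.locked = set()

    def login(self, user: str, password: str) -> bool:
        if user in self.locked:
            return False
        salt, digest = self.store[user]
        if hash_password(password, salt) == digest:
            return True
        self.failures[user] += 1
        if self.failures[user] >= self.lockout:
            self.locked.add(user)
        return False


def spray(service: LoginService, users, guesses) -> dict:
    """Online guessing (password spraying): one guess per user per round, so
    each account stays under the lockout threshold while the attacker hunts for
    the one person who chose 'Password1'. Returns {user: password} for hits."""
    hits = {}
    for guess in guesses:
        for user in users:
            if user not in hits and service.login(user, guess):
                hits[user] = guess
    return hits


def is_predictable(password: str, dictionary) -> bool:
    """Policy-side check: reject any password the mangling rules would produce."""
    return any(password == cand for word in dictionary for cand in mangle(word))


def build_sample_store() -> dict:
    """Constructed sample users; the first two follow the ratchet from the post."""
    creds = {
        "alice": "Password1",
        "bob": "Prunes1$",
        "carol": "correct-horse-battery-staple-42",
    }
    return {u: (salt := os.urandom(8), hash_password(p, salt)) for u, p in creds.items()}


if __name__ == "__main__":
    store = build_sample_store()
    print("offline cracked:", crack(store, SMALL_DICTIONARY))
    svc = LoginService(store)
    print("spray hits:", spray(svc, list(store), ["Password1", "Welcome1!", "Summer2017"]))
    print("locked accounts:", svc.locked)
    for pw in ("Prunes1$", "correct-horse-battery-staple-42"):
        print(pw, "predictable" if is_predictable(pw, SMALL_DICTIONARY) else "ok")
```

Run it and note what each half shows: the cracker recovers both “Password1” and “Prunes1$” from nothing but the hashes, because every step of the ratchet is a rule the attacker already has; the spray recovers “Password1” without tripping a single lockout, because three guesses per account is below the threshold; and the long, unique passphrase survives both. The `is_predictable` check is the cheap defensive counterpart a registration form can run against a wordlist before accepting a password.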
For some of you who are reading this, this may seem too technical or advanced. Essentially, motivated hackers have a variety of tools and methods to either guess or crack your password. So, with that in mind, we have some recommendations on how you can improve your password management personally and professionally:
More technical recommendations include:
To find out more about NopSec’s penetration testing services and vulnerability management products, feel free to fill out this form and we’ll reach out within one business day.