Every single day a large majority of us have to log in to some online application, whether it is for school, work, or just leisure. If you surf the web long enough, you will start to notice some patterns in how companies approach the signup/login process and what you have to do if you forget your password. Many people assume that large companies do the right thing in order to keep our sensitive information secure, but that doesn’t stop hackers from trying to break into our accounts and steal our information. But how can a hacker find out what my password is?! Well, it turns out there are multiple ways that hackers try to break in, and that’s what we’ll talk about here.
Social Engineering Attacks
If you have ever worked for a large company, you have most likely been introduced to this type of attack. Phishing falls into this category. Social engineering attackers try to blend into your work environment by posing as a partner, IT, or a known service company. The attacker will send an email that looks very legitimate, but a small piece of it will be altered to carry a malicious link. When that link is clicked, it can download a virus onto your computer. It may also redirect you to a login page that looks real but is fake, just so it can capture your username and password. Many times the hacker will create a sense of urgency, such as a threat of service cancellation if you don’t act fast. This is a classic way to take advantage of busy working people who don’t always pay attention to the fine details. This is why it is important to always verify the sender’s email address and/or stop and think about whether the email actually makes sense.
Brute Force Attack
This is one of the most common ways hackers try to break into your accounts. Brute Force Attacks happen when a hacker uses software to try all of the common password combinations until one works. Today there are so many different online services that people use, and this tempts them to reuse the same old password that is usually easy to remember. These passwords may include birthdays, children’s names, etc. All of those things can be found on social media. Attackers will typically do research before attacking and narrow down the password options. This is why it is critical to use complex passwords, especially on sites as important as your online banking websites.
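From the service's side, the same reasoning can be applied at signup by refusing passwords that are common or built from details about the user. The following is an added example, not part of the original article; the function names, the tiny common-password list and the sample details are all constructed for illustration.

```python
import re

# Constructed sample; a real deployment would load a large breached-password list.
COMMON = {"password", "password1234", "123456", "qwerty", "letmein"}

# Undo the usual character swaps (0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s).
LEET = str.maketrans("013457@$", "oleastas")


def normalize(text):
    """Lower-case, undo common character swaps, keep letters and digits only."""
    return re.sub(r"[^a-z0-9]", "", text.lower().translate(LEET))


def weak_reasons(password, personal_facts, min_length=12):
    """Return the reasons a password should be rejected (empty list = accepted).

    personal_facts holds details the service already knows about the user,
    such as names or a birth year (hypothetical input for this example).
    """
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")

    norm = normalize(password)
    if norm in {normalize(c) for c in COMMON}:
        reasons.append("common password")

    for fact in personal_facts:
        token = normalize(fact)
        # Ignore very short tokens to avoid rejecting on coincidental matches.
        if len(token) >= 3 and token in norm:
            reasons.append(f"contains personal detail: {fact}")
    return reasons


if __name__ == "__main__":
    facts = ["Emma", "2015"]  # constructed: a child's name and birth year
    for candidate in ["Emma2015!", "P@ssw0rd1234", "correct-horse-battery-staple"]:
        print(candidate, "->", weak_reasons(candidate, facts) or "accepted")
```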
Key Logger Attack
This one goes hand in hand with Phishing. A Key Logger Attack takes place when a hacker manages to install tracking software onto your computer that keeps track of your keystrokes. If you click on that malicious link in the email we talked about earlier, and this gets downloaded, the hacker will have a record of anything you have typed on your keyboard. If they are able to match your username and password to the site, all of your personal information is at risk.
Last but not least are Traffic Interception attacks. Those usually take place when you log into a site that is not encrypted. A hacker is able to capture the request from your browser and capture your password along with it. Even encrypted information is vulnerable, but unencrypted information is much easier to read. This is why it is important to make sure you only interact with websites that are protected. Google Chrome showed a lock icon near the URL tab that displays whether a site is secure or not.
Are only users vulnerable to attacks?
Unfortunately not. Hackers tend to target corporations just as much as they target end users. If you notice any red flags on a website, such as an odd URL or a poorly designed site with noticeable glitches, best practice is to not enter any sensitive personal information. You can research the credibility of a site by simply using Google. More often than not, someone out there may have already been affected by a malicious site that you came across.
Another giveaway is if a service stores your password. If you forget your password and click the “Forgot my password” link, most sites will email you a link to change it right then and there. Sometimes a site will email you your exact password, and if that happens, SUSPEND YOUR ACCOUNT! A company should never store your password itself, because if they ever get breached, the hacker will have everything they need to sign in as you. Most companies use programs to scramble your password so that nobody but you, not even the company itself, knows what it is. They use what is called “hashing”. A company will use a special one-way algorithm to transform your password, so for example if your password is “password1234” the company’s algorithm will make it look like this, “v5skdk3409tjgi65dfagG4tig-b3fivw3fgras8dk”. Each time you type in your password, the program will run the algorithm on what you typed and verify that it matches the stored result. This method is one of the most secure ways to protect customer passwords. Although it is not unbreakable, it is extremely effective.
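The store-and-verify cycle described above, as an added example that is not part of the original article. It puts a weak, unsalted fast hash next to a salted scrypt record; the function names and the scrypt cost parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed values for this example; tune for your hardware).
N, R, P = 2**14, 8, 1


def weak_record(password):
    """Weak form: unsalted fast hash. The same password always gives the same
    record, so one precomputed guess unlocks every account that uses it."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password):
    """Hardened form: random per-user salt plus a deliberately slow hash.
    This record is what the service stores instead of the password."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify(password, record):
    """Re-run the same algorithm on the login attempt and compare the result
    with the stored value in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=32)
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    # Two constructed users who picked the same password.
    alice = make_record("password1234")
    bob = make_record("password1234")

    print("unsalted records equal:",
          weak_record("password1234") == weak_record("password1234"))
    print("salted records equal:  ", alice["hash"] == bob["hash"])
    print("correct password:      ", verify("password1234", alice))
    print("wrong password:        ", verify("password1235", alice))
```

Because the stored record cannot be turned back into the password, a site built this way has nothing to email you except a reset link.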
At the end of the day, we all have to take our online security very seriously. A vast majority of us spend a lot of time on our devices and it is easy to choose convenience over security. I hope this article helped to shed some clarity on how creative hackers can get when stealing information, so we have to do our best to protect ourselves.