Avoid getting hacked
There are many ways to avoid getting hacked, but hackers are like sharks - they patrol the waters seeking an easy meal. By meal, of course, we mean an easy password - get a user's password and your job is done!
Your password is your property and no one [repeat] NO ONE has a right to it!
Here's a brief example of a simple "Penetration Test" used by PEN companies to gain access to company infrastructures to test security.
- Check out the new person on reception.
- Get the name of the head of IT.
- Walk into reception and introduce yourself - "Hi there, my name is (make name up) and my company (ACME) has been asked to check your networks by (head of IT). Can I just access your computer please?".
- This is swiftly followed by either "Do you mind just logging in?" then "Oh this may take a while - grab a coffee, oh before you go just let me know the password so I don't bother you".
- Eager to please, the receptionist hands over the password and you're in.
The above is a very simplified example of grabbing a password, and with that password a hacker can simply navigate their way through the entire company system. It's extremely simple and very easy to achieve, and that's what a hacker wants - ease of access.
So remember: Your password is your property and no one [repeat] NO ONE has a right to it!
Passwords can be guessed
Some passwords can be guessed with a little cold reading skill. Mediums and psychics use cold reading to create the illusion of speaking to the departed. It's all a massive confidence trick whereby a hacker can get you to reveal your password, or at least pointers to what it might be, with a few simple questions like:
- Your name
- Your pet's name
- Your favourite teacher
- Your favourite holiday destination
- etc...
Stop right there!
Look again at the above and ask yourself - have you seen similar questions on social media?
Last year alone there were thought to be over 10,000 successful hacks on social media accounts based on those sorts of questions that users innocently completed.
Remember that your password is the key to your front door!
There are many ways in which a hacker may crack a password, not least of which is simply hacking a database full of passwords - the HOLY GRAIL, particularly if they are unencrypted!
The risk of amateur web developers
Many people have had a go at website development, but therein lies the risk - is your password stored securely in any system they create? It's always worth asking, because if they're not sure of what they are doing they may be storing your password extremely insecurely, and chances are their own password is not secure either - grab that, grab them all!
What makes a good password?
- At least 8 characters
- Has a mix of upper case (A, B, C etc), lower case (a, b, c etc), numbers (1, 2, 3 etc) and special characters ($, @, & etc).
- It is NOT a word you recognise (FredSmith123!!!)
- It is stored ENCRYPTED (%6*8 blkugig$4435%85!=_mnuglkb)
- Don't repeat characters (FredSmith!!!) because the ! character will have the same marker - get the first marker you have the other two at the same time!
- Avoid the classic - the letter exchanger - for example "Password" becomes "p@33W0rd" - the exchanged words are fairly simple to guess
- With a mix of letters, characters and numbers over 8 digits long a fairly safe password may be created.
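As an added example (not part of the original page), the checklist above can be turned into a small checker that reports which rules a candidate password breaks. The function names, the look-alike table and the short word list are assumptions made for illustration, and "repeated character" is read as the same character twice or more in a row.

```python
import re
import string

# Constructed sample of words an attacker tries first; use a real list in practice.
COMMON_WORDS = ["password", "welcome", "letmein", "fredsmith"]

# Look-alike characters accepted for each letter ("3" for "s" is the page's own swap).
LOOKALIKES = {"a": "a@4", "e": "e3", "i": "i1!", "l": "l1!", "o": "o0",
              "s": "s$53", "t": "t7"}


def word_pattern(word):
    """Regex matching `word` with any letter swapped for a look-alike."""
    classes = ("[" + re.escape(LOOKALIKES.get(ch, ch)) + "]" for ch in word)
    return re.compile("".join(classes))


WORD_PATTERNS = {word: word_pattern(word) for word in COMMON_WORDS}


def check_password(password):
    """Return the rules from the list above that `password` breaks."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    kinds = {
        "upper case letter": str.isupper,
        "lower case letter": str.islower,
        "number": str.isdigit,
        "special character": lambda c: c in string.punctuation,
    }
    for name, test in kinds.items():
        if not any(test(c) for c in password):
            problems.append("no " + name)
    # Interpreted here as the same character twice or more in a row.
    if re.search(r"(.)\1", password):
        problems.append("repeated character")
    lowered = password.lower()
    for word, pattern in WORD_PATTERNS.items():
        if pattern.search(lowered):
            problems.append("based on the word '" + word + "'")
    return problems


if __name__ == "__main__":
    for candidate in ["FredSmith123!!!", "p@33W0rd", "Password", "vK7#qLz9&Tm2"]:
        print(candidate, "->", check_password(candidate) or "passes these checks")
```

An empty list only means the password passes these particular checks; the word list here is far too short for real use.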
Change them regularly
Changing passwords regularly is a bit of a pain, but to be REALLY safe we strongly suggest doing so. In the event of a database full of passwords getting hacked, a regularly changed password could mean that the leaked database contains an old, out of date password!
So remember: Your password is your property and no one [repeat] NO ONE has a right to it!
If you would like to know if your password, email and other data have been compromised, there's a service you can sign up for that will notify you if your details have ever appeared in a known data breach. If they have, you could then take action to protect yourself.
Visit: https://haveibeenpwned.com
If you would like to know more about security and how we secure our clients' data, please contact us.
Stay safe out there - never give your password away!