You’ve probably experienced it before: You’re going about your day and you read an email saying that your password has been changed on one account, but you never requested that change. Or even worse, you could be the victim of a total compromise in which you cannot access any of your accounts, and while all that’s happening, someone else is using your identity and PayPal account to talk to people and send your money across the Web!
This kind of event could be life-changing, and not in the positive sense of the word. This is why we need to discuss how hackers steal your passwords and the methods they use. We will also show you ways to help prevent this from happening to you.
1: Password Recycling
Perhaps the most common way hackers steal the passwords to several of your accounts is by grabbing them from a document of leaked passwords published by another hacker more skilled than they are. This happens when someone compromises a database on one of the services you use and grabs all the passwords stored in it (this is easy if they’re unencrypted). Afterwards, he will leak those passwords by posting them publicly in a temporary document. When that happens, a bunch of scavengers take what they can find and try out the emails and passwords of these accounts on PayPal and other known services.
This works because the typical Internet user will use the same password for many of his accounts. To prevent this, just use different passwords and put them on a post-it. Better yet, use a trustworthy and secure single sign-on provider.
2: Wi-Fi Sniffing
When you’re on your phone, tablet, or laptop, the added convenience of connecting to networks outside your home comes with a trade-off. You’re trading your security for convenience (as in most things in life). While you browse through unprotected Wi-Fi, you’re basically broadcasting your data to everyone. Since your data is sent via radio waves to the router, it will simultaneously reach every connected device. Normally, they ignore the data you send, but someone could be using a Wi-Fi sniffer, which picks up any data you’re broadcasting. This will include URLs, passwords, and other private data.
To protect yourself from this, you should use a VPN service. Many VPN services provide encryption in the connection and are compatible with virtually every device.
3: Security Questions
When you recover an account, one of the steps may be to answer a security question before you can reset the password. Often, the hacker will already have complete access to your email account. Security questions are usually a weak excuse for a security measure. Usually they are things like “What city were you born in?” or “What college did you graduate from?” With access to your social networking page, this is easy to crack. If you have the option of choosing “Other,” write a security question that’s impossible to find the answer to without your help.
4: Dictionary Attacks
Although many sites (like Google) disable an account after three failed login attempts, the dictionary attack remains effective against sites belonging to smaller or less secure organizations. In a dictionary attack, the hacker will run a script that will iterate through every word in a specific dictionary. He starts with commonly found passwords, then goes on to less likely choices. To make this job difficult or impossible, choose a password with at least one capital letter in the middle of the phrase, one space, one number, and one symbol.
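The password rule above can be checked mechanically. The following is an added example, not code from the original article: the function names and the short `COMMON_PASSWORDS` list are constructed for illustration. It goes one step beyond the rule by also rejecting passwords that are just a commonly found word dressed up with substitutions and suffixes.

```python
import string

# Constructed sample of commonly found passwords; a real check would load a
# much larger list (assumption: lowercase entries).
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "dragon", "monkey", "123456"}

# Usual character substitutions, undone before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oleastasi")
EDGE_JUNK = string.digits + string.punctuation + string.whitespace


def normalize(password):
    """Reduce a password to the bare word a dictionary script would try."""
    core = password.lower().strip(EDGE_JUNK)   # drop prefixes/suffixes like "1!"
    core = core.translate(LEET)                # p@ssw0rd -> password
    return "".join(ch for ch in core if ch.isalpha())


def check_password(password, common=COMMON_PASSWORDS):
    """Return the list of rules the password fails (empty list = accepted)."""
    failures = []
    middle = password[1:-1]                    # excludes first and last character
    if not any(ch.isupper() for ch in middle):
        failures.append("no capital letter in the middle")
    if " " not in password:
        failures.append("no space")
    if not any(ch.isdigit() for ch in password):
        failures.append("no number")
    if not any(ch in string.punctuation for ch in password):
        failures.append("no symbol")
    if password.lower() in common or normalize(password) in common:
        failures.append("based on a commonly found password")
    return failures


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["Password1!", "P@ss W0rd 1!", "blue Kettle 7 sings!"]:
        print(repr(candidate), "->", check_password(candidate) or "accepted")
```

The second sample satisfies all four composition rules and is still rejected, because it normalizes to a word near the top of any attacker's dictionary.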
If you know any other way hackers steal your passwords to get into your accounts, feel free to leave a comment below and let other readers know!