Password Stealing and Security
Passwords are the key to our digital lives.
A password is the first line of defense for systems and personal information.
Password stealing is used by attackers to obtain and abuse user credentials.
It lets an attacker read personal information on the system and change your credentials.
It can lead to serious data loss.
How Passwords Get Stolen
The password can be observed while it is being typed.
The password is given away voluntarily.
The password is written down somewhere and the piece of paper is stolen.
The password can be guessed.
The password is so short that an exhaustive search finds it quickly.
The password is captured using password stealing tools.
The password is obtained through techniques such as social engineering and shoulder surfing.
The password is stored somewhere in clear text and can be copied.
The password is encrypted with a very weak encryption algorithm.
Password Stealing Techniques
1. Social Engineering
Social engineering is a non-technical attack. It targets people rather than systems in order to obtain their personal information. There is no cure for human carelessness, so social engineering takes advantage of it.
An unknown person obtains the user's credentials by sending an email or by asking questions over the phone.
2. Phishing
Phishing is an Internet scam in which the user is convinced to hand over valuable information. The attacker poses as a trusted email or website and pressures the user into entering their credentials.
Its purpose is to gain access to the user's bank accounts, passwords, and other personal information.
3. Guessing
Guessing is the easiest way to steal a password. Many users choose weak passwords, which are vulnerable to password guessing attacks.
The attacker collects personal details of the victim, such as phone number, date of birth, vehicle number, etc., and tries to guess the password using various combinations of these details.
A weak password may be a word like 'password', 'I love you' or 'passcode', or it may be the user's name, a parent's name, a pet's name, a mobile number, a girlfriend's or boyfriend's name, etc.
Some typical password combinations are:
Victim's name + date of birth
House name + house number
Girlfriend's or boyfriend's phone number
4. Shoulder Surfing
Shoulder surfing relies on direct observation: the attacker looks over someone's shoulder (at their hands or the keypad) while they enter a password.
Shoulder surfing is an effective way to obtain valuable information, because it is easy to stand next to someone and watch what they do, such as entering passwords or typing personal information. It can also be done from a distance with vision-enhancing equipment such as binoculars or video recording devices.
5. Spying
Spying means monitoring the victim with spy software such as keyloggers. The attacker can watch every process on the computer and easily capture passwords. Spy software can record keystrokes, take screenshots and send them to the attacker by email.
Instructions for Improving Password Security
Don'ts
1. Don't use any word that appears in a dictionary.
2. Don't use any personal information.
3. Don't use your name or anything else drawn from your personal details.
4. Don't use the same password for all of your online accounts and your local system.
5. Don't write your password down anywhere. Some people write their passwords and PIN numbers in a diary kept in their wallet. This is far too dangerous.
Do's
1. Use long passwords; long passwords are much harder to brute-force.
2. Change your passwords regularly.
3. Use different passwords for different purposes. Most people use the same password for all of their accounts, so if one password is compromised the attacker can get into all of them.
4. Include numbers (0-9), special characters (!, &, *, etc.) and both upper- and lower-case letters in your passwords.
5. Use strong passwords for administrator accounts.
6. Terminate unwanted processes and unknown services.
7. Change the password periodically.
8. Use strong encryption to protect password hash files such as the SAM.
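As an added example (not part of the original article), the following Python checker turns the guessing section and the Do's list above into an automated policy: it flags dictionary words, personal details such as name or date of birth embedded in the password, missing character classes and insufficient length, and estimates the exhaustive-search space an attacker would have to cover. The wordlist and the sample user details are constructed for the demonstration; a real deployment would load a full dictionary.

```python
import math
import re

# Constructed mini wordlist (assumption); a real check would load a full dictionary.
COMMON_WORDS = ("password", "passcode", "iloveyou", "welcome", "letmein")

# Character classes from the Do's list, with the size of each pool.
CLASSES = {
    "lowercase": (r"[a-z]", 26),
    "uppercase": (r"[A-Z]", 26),
    "digit": (r"[0-9]", 10),
    "special": (r"[^A-Za-z0-9]", 33),  # printable ASCII punctuation plus space
}

def _compact(text: str) -> str:
    """Lower-case and drop separators so 'I love you' and 'i-love-you' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def search_space_bits(password: str) -> float:
    """Size in bits of the space an exhaustive (brute-force) search must cover,
    from the length and the character classes actually present."""
    pool = sum(size for pattern, size in CLASSES.values() if re.search(pattern, password))
    return len(password) * math.log2(pool) if pool else 0.0

def check_password(password: str, personal_info: dict, min_length: int = 12) -> list:
    """Return the rules the password breaks (empty list means it passes).
    personal_info maps a label (name, dob, phone, pet ...) to the known value."""
    problems = []
    body = _compact(password)
    if len(password) < min_length:
        problems.append(f"too short ({len(password)} < {min_length})")
    for word in COMMON_WORDS:
        if word in body:
            problems.append(f"contains dictionary word: {word}")
    for label, value in personal_info.items():
        fact = _compact(str(value))
        # Flag the whole fact or any 4-character run of it (e.g. the year of a DOB).
        if len(fact) >= 3 and (fact in body or any(fact[i:i + 4] in body for i in range(len(fact) - 3))):
            problems.append(f"contains personal info: {label}")
    missing = [name for name, (pattern, _) in CLASSES.items() if not re.search(pattern, password)]
    if missing:
        problems.append("missing character classes: " + ", ".join(missing))
    return problems

if __name__ == "__main__":
    user = {"name": "John", "dob": "12-05-1990", "phone": "9876543210"}  # constructed
    for candidate in ("John1990", "I love you", "Tq7#vL9!mZ2r"):
        print(candidate, "->", check_password(candidate, user) or "OK",
              f"({search_space_bits(candidate):.0f} bits)")
```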