
Hackers use AI to crack passwords: How to protect yourself?


Hackers are jumping on the artificial intelligence bandwagon and upping their game. Get this: AI service PassGAN cracked 51% of passwords scanned in under a minute.

Cybercriminals have many more tools at their disposal to break into your banking, social media, and other accounts. You need a new password strategy immediately.

Common methods

Below are the tried-and-true password-hacking tools. Of course, there are others, but these are common because they just work.

  • Brute-forcing: A special program enters different combinations of letters, numbers, and symbols much faster than a criminal could do by hand. A hacker can try up to 100 billion possible passwords per second. If your password is basic, you’re hacked.
  • Dictionary attack: Think brute-forcing but smarter. Words from the dictionary, company names, sports teams and other common terms are checked. This lets someone crack your password even faster.
  • Credential stuffing: Someone takes the login to one of your breached accounts and tries that email and password combo across other accounts and websites. This is particularly effective since many of us have had at least one password leaked in a data breach. It’s also why you should always go with a new password. (I know it’s a pain, and I have tricks to help below.)
  • Phishing: Through a convincing text, email, or another communication, a scammer gets you to type in or click a link to a bogus site. A good example is a fake notification to change your password. You’re instructed to enter your login details (including your existing password). Yikes, you just handed everything over to the person controlling the site.

Maybe you’re always on your cybersecurity Ps and Qs. There’s still a lot working against you – like the idea that cybercriminals love to share what works among their circles.

They create free software that anyone can download and improve. A few standard options for cracking passwords have names like John the Ripper, Hashcat and Ophcrack.

Speaking of free, I have my own list. There’s no fishy stuff here, just free alternatives to expensive paid software that’s equally good.


What can you do about it?

Now that you know what they’re doing to break in, take steps to protect yourself against hackers. Here are new rules to keep your accounts safe:

Longer is better: Don’t use the minimum characters a site will accept. An eight-character password comprising only uppercase and lowercase letters takes 22 minutes to crack. A 12-character password that includes symbols too? About 34,000 years.

A passphrase is your friend: Instead of one or two words, try a longer “passphrase” that you can remember and then add the finishing touches. Perhaps you choose “I love to visit Hawaii,” which becomes “iluv2v!s!tHawaii.”

Get weird: Use fake words, extra characters and oddball phrases that won’t be slam dunks for those brute-force attacks.

Mix it up: Skip the random number or punctuation mark at the end of your password; instead, work it into the password itself. For example, you can replace an O (the letter) with a zero, like this: k0mand0_scholar. Or sub in a character for a letter it resembles, like this: f@nt@syFormer.

Make them fresh: Never reuse a password, even if it’s been out of circulation for a while. No, adding a new number to the end of an old password is not good enough.

Be diligent: Check you’re on the actual site before entering your password. Going to a site directly rather than clicking on a link in an email or text is always safer.

Don’t put yourself at risk: If a site lets you get away with “password” or “123456,” step away. If they’re that lax, you should worry about how they secure your information.
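Several of the rules above (length, no "password" or "123456", no reuse, no old password with a new number on the end) can be checked automatically. The following is an added example, not code from the original article: the function names, the 12-character floor and the short common-password list are assumptions made for illustration, and the reuse check assumes it runs locally where your earlier passwords are available, for example inside a password manager.

```python
import re

# Constructed sample of very common passwords; a real check would load a
# much larger list (assumption, not from the article).
COMMON = {"password", "123456", "qwerty", "letmein", "iloveyou"}
MIN_LENGTH = 12  # the article's 12-character example, used here as the floor


def strip_affixes(pw: str) -> str:
    """Lower-case and drop digits/punctuation tacked onto either end."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", pw.lower())


def check_password(candidate: str, previous: list[str]) -> list[str]:
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    # "Longer is better"
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    core = strip_affixes(candidate)
    # "Don't put yourself at risk": reject the obvious choices, even
    # when a digit or symbol has been added at the start or end.
    if candidate.lower() in COMMON or core in COMMON:
        problems.append("common password")
    # "Make them fresh": no reuse, and no old password with a new suffix.
    for old in previous:
        if candidate == old:
            problems.append("reused")
            break
        if core and core == strip_affixes(old):
            problems.append("old password with new number or symbol")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    history = ["BlueHeron-Kayak7"]
    for pw in ["Password1!", "BlueHeron-Kayak8", "iluv2v!s!tHawaii"]:
        print(pw, "->", check_password(pw, history) or "ok")
```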

Source: eu.usatoday.com
