The 2022 Weak Password Report, which is an investigative look at the state of passwords used globally, had some interesting findings on how people still reuse old passwords to protect their data and the common themes, patterns they follow to set a password.
According to the report, which was released recently by the Sweden-based password management and authentication solution vendor Specops Software, 93% of the passwords used in brute force attacks include 8 or more characters. Meanwhile, 54% of organizations do not have a tool to manage work passwords. In another sign of people reusing old passwords, the report revealed that 42% of seasonal passwords contained the word “summer”.
Also read: How to check if that mobile app is spying on you
But what exactly is a “brute force attack”, “shoulder surfing” or social engineering? These are cyberattacks – or password attacks – which compromise and exploit your personal information by decoding the passwords you use to keep people out. Can you stave off these cyber attacks on your own? You can – with the right online tools (a dependable password manager app and antivirus software) and password hygiene. Based on insights from cybersecurity company NortonLifeLock, here’s a look at 8 password attack terms and what you can do to protect yourself.
Brute force attack: This type of password attack is essentially a guessing game where the hacker tries different password combinations using hacking software until they’re able to crack the code. (What you can do: These instances can be avoided by creating a unique password for every online account)
Credential stuffing: A brute force attack that uses stolen credentials to break into your online accounts and profiles. Aside from using spyware and other kinds of malware to get the credentials they want, the dark web often has lists of compromised passwords for cybercriminals to use. Hackers may use these lists to carry out their credential stuffing schemes and exploit your data. (What you can do: Enable two-factor authentication for online accounts to avoid any suspicious login attempts)
Social engineering: One of the most sophisticated techniques that cybercriminals use is by creating “social engineering websites”, which seem like legitimate login pages. Only, these fake login fields won’t give you access to your account. They only record the information you type in, giving the cybercriminals exactly what they want. (What you can do: Avoid clicking on suspicious links or attachments and always look for legitimate pages with https//.)
Keylogger attack: This is a spyware used to track and record what you type on your keyboard. Despite being legal to use, depending on the reasoning, hackers take advantage of this software by intentionally infecting vulnerable devices and recording private information without their knowledge. (What you can do: Install a reliable antivirus software on your devices to avoid such attacks.)
Password spray attack: When a hacker uses a large number of stolen passwords — sometimes in the millions — sometimes on a small number of online accounts to see if they can gain access. (What you can do: Make a routine of changing your passwords every couple of months.)
Phishing: A term synonymous with everyone, phishing attacks often come in the form of an email or text message where the hacker may pair these messages with a link to a strategically designed social engineering website created to trick you into logging into your profile. These websites will record the credentials you type in, giving the attacker direct access to your actual account. (What you can do: Double check every URL before logging into an account.)
Man-in-the-middle attack: A man-in-the-middle attack uses phishing messages to pose as legitimate businesses to either use malicious attachments to install spyware and record passwords or embed links to social engineering websites to get people to compromise their own credentials. (What you can do: Double-checking, verifying the sender’s email address on suspicious email messages can protect you from such attacks.)
Shoulder surfing: Hackers often get their hands on passwords by looking over people’s shoulders in public as they type. This could happen to you at places like the ATM as well. (What you can do: Enable biometric features like facial recognition to sign into accounts on mobile devices. More importantly, be aware of your immediate physical surroundings)
Also read: How to protect your phone from malware and cybercriminals