How to Prevent and Protect Against Stolen Usernames and Passwords

We seem to hear it often enough in the news. Another security breach. Another hack. Millions of usernames and passwords were stolen from another large organization.

There is a reason why a hacker is interested in your username and password and that is money. There is a market for them on the dark web. A Twitter account sells for more value than credit cards because of what it potentially can unlock. EBay and PayPal accounts are also hot commodities and sell for $27. The price for these accounts will vary depending on the perceived value of the username and password.

In 2012, LinkedIn had 117 million passwords stolen. Sounds like old news, right? In recent news, hackers were trying to sell this data in the dark web for 5 Bitcoin which is approximately $3,716.65 US dollars. These passwords are still valuable because people tend to reuse their passwords. If you still haven’t changed your password, change it and use two-factor authentication.

Hackers don’t just go after larger organizations to steal usernames and passwords. Everyone is a target. No one is immune.

How Do Hackers Steal Passwords?

Hackers have numerous methods that they can use to get your password. The list below covers some of the more popular techniques.

Phishing Pages

The common way hackers steal passwords is through phishing.  The hacker sends you an email enticing you to click a link and go to a web page where you enter your login credentials. This web page can look like a real Facebook or Gmail login page.

Wi-Fi Traffic Monitoring

If you are sitting in a café or airport lounge and you log into one of your accounts, you could be at risk to have your username and password stolen. A hacker can use a simple application to monitor the traffic on a public Wi-Fi. The application sends a notification, and then the hacker can intercept your credentials.

Brute-Force Attack

Hackers have access to many tools that just makes their work easier. To perform a brute-force attack, a hacker can download a free tool to enter different passwords to log in over and over until it is cracked. People tend to use simple passwords so a hacker could crack your password within 24 hours.

Keylogger

This is a tool can be delivered in an email. A couple of clicks and then unbeknownst to you, a keylogger is injected into your browser. It will capture all your keystrokes and then store them in a log file which is then sent to the hacker.

Protect Your Sensitive Information

If you are like most people, you have numerous accounts and only use a couple of passwords between them. Hackers will enter your stolen username and password into a program that scans tens of thousands of websites until they get a hit. If you use the same username and password for many sites this gives a hacker access to your other accounts leaving you vulnerable.

To protect your sensitive information and prevent easy access to your accounts, don’t use the same password. This would be a good start. Passwords like “123456” and “password” were part of the top 10 commonly hacked passwords from the breached LinkedIn database back in 2012. Why make a hacker’s job so easy?

Here are some tips to create a strong password.

• Pick a password that is a combination of lower and uppercase letters, numbers and symbols
• Go for a minimum of 12 characters
• Don’t use birthdays, addresses or a phone number
• Don’t use common dictionary words
• Don’t use easy substitutions like “passw0rd”
• Don’t use the same password for your accounts

Once you have created a strong password, use two-factor authentication for an added measure of security.

Protect your Password

Not only do you need to create strong passwords, you need to protect them.

• Don’t ever give it out.
• Don’t’ use Wi-Fi for banking, email or logging into accounts. Always use an HTTPS connection to ensure that information is encrypted.
• Don’t store your passwords on your computer.
• If you have concerns about trying to remember so many different passwords, you can opt for a password manager.

To deter hackers from stealing and hacking your sensitive information, use strong passwords and take preventive measures to protect them. Protecting passwords are not only the responsibility of individuals. It needs to be a consolidated effort between individuals, websites and companies.