Why Passwords Are So Vulnerable

In the modern world we are required to use passwords every day to access a multitude of systems – office systems, e-mail, social media, banking, even to get into the gym!

With so many systems needing passwords there is a tendency to re-use them across multiple systems. After all, if all of the systems we use have the same password then we are less likely to forget that password. However, what happens if one of these accounts is compromised?

Over the past few months we have seen a number of high-profile companies suffer data breaches where, instead of financial data being taken as in the TalkTalk breach of November 2015, the target was personal logon details. Dropbox, LinkedIn and Yahoo all suffered large data breaches, with Yahoo's the largest ever: its 3 billion accounts surpass LinkedIn's 117 million breached accounts.

The more worrying fact is that these attacks went undetected for a number of years. LinkedIn was breached in 2012 and the breach was not discovered until 2016. Yahoo took 2 years to declare its breach. Even Verizon, who were in the process of buying Yahoo, were unaware of the breach.

What we are now seeing is hackers retrieving logon names and passwords from one breach and using the same logon details to gain access to other accounts. With this information they can monitor e-mail traffic and gain access to further systems.

Let’s look at a normal scenario. You forget the password to a system and go through the password reset process. This will usually send an e-mail to an account associated with you. If the bad guys have access to that e-mail account they can reset your password in the middle of the night and then delete the mail you would have received advising you of the change. They now have full control of your account.

In the old days, hackers would gain access and attack the accounts straight away, which would flag the issue immediately.

Now they gather the information and use it in small amounts to gain more system access, which in turn yields more information. By attacking in small steps, any alert that is raised will be at the company currently being compromised rather than at the source of the original data breach.

How do we protect against these attacks? In all honesty, we can’t. We are reliant on the security of the organisations we engage with in our ever more connected world.

How do we minimise the risk? Easy!

  • Use a different password for each system you use.
  • Don’t use standard words or sequential letters and numbers (Password1, abcde12345, 123456, qwerty).
  • For PIN codes on phones or PCs, don’t use your bank card PIN code.
  • Don’t write down your password and never share your password.
  • If you read of a company being compromised, change your password on that system immediately.
  • Make sure you log out of computer systems and websites (including social media sites) when using a shared machine away from home (e.g. an Internet cafe, hotel etc.).
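As an added illustration of the second point (example code, not part of the original post), here is a small password screen that flags the weak patterns listed above before a password is accepted. The denylist and dictionary-word set are constructed placeholders standing in for a full breached-password corpus, which a real deployment would load from a breach-notification source.

```python
import re

# Constructed stand-in for a breached/common-password corpus (assumption: a real
# system would load the full list rather than hard-code a handful of entries).
COMMON_PASSWORDS = {"password1", "123456", "qwerty", "abcde12345", "letmein"}
# Constructed stand-in for a dictionary of plain words people base passwords on.
COMMON_WORDS = {"password", "welcome", "letmein", "dragon"}
# Rows of a QWERTY keyboard, used to spot "walks" such as qwer or asdf.
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_sequential_run(s, min_len=4):
    """True if s contains min_len+ consecutive characters stepping by exactly +1 or -1
    in code-point order, e.g. 'abcd', '1234', '4321'."""
    s = s.lower()
    for i in range(len(s) - min_len + 1):
        window = s[i:i + min_len]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def has_keyboard_walk(s, min_len=4):
    """True if s contains min_len+ adjacent keys from one keyboard row, in either direction."""
    s = s.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - min_len + 1):
            fragment = row[i:i + min_len]
            if fragment in s or fragment[::-1] in s:
                return True
    return False


def weaknesses(password):
    """Return a list of reasons the password should be rejected; empty means it passed."""
    problems = []
    base = password.lower()
    # Drop trailing digits/symbols so "Password1" is still recognised as the word "password".
    stripped = re.sub(r"[\d\W_]+$", "", base)
    if base in COMMON_PASSWORDS:
        problems.append("on common/breached password list")
    if stripped in COMMON_WORDS:
        problems.append("based on a dictionary word")
    if has_sequential_run(base):
        problems.append("contains sequential letters or numbers")
    if has_keyboard_walk(base):
        problems.append("contains a keyboard walk")
    return problems
```

All four examples from the list above are rejected by `weaknesses()`, while a longer unrelated passphrase passes; the checks only screen out obvious patterns and do not replace using a unique password per system.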
