By Jason Ross • 29 May, 2019
Passwords are often the only security mechanism that protects our digital lives; for example, your password is the only protection applied to your email, banking or healthcare details. Good passwords are the crucial foundation of your online security. Unfortunately, people choose terrible passwords, and hackers know this. Why, you may ask? Probably because good passwords are hard to remember and hard to type for many of us. Because hackers know we often choose lousy passwords, they make use of freely available automated tools to "hack" your accounts. Often these attacks are opportunistic; sometimes they're targeted.

There are several well-publicised examples where people's social media accounts have been compromised. In some of these examples money has been stolen; often the attacker may try to embarrass you by posting inappropriate content to your pages; sometimes they may delete accounts that you rely on for your business.

How they obtain your password

There are many ways your passwords can be compromised; here are three.

A standard method is to send you an email that looks like it's from Facebook, as just one example, saying you need to update your account details. If you fall victim to this attack you may supply the attacker with everything they need to access your accounts, and not just your Facebook account. This is called a phishing attack, and it's a common tool in the hacker's toolbox because it works. As the attackers evolve their campaigns, they look more legitimate to most people, even experts like us.

Sometimes the attacker may use a hacking tool to execute an automated dictionary attack of known or commonly used passwords. These tools, once set up, will run until they obtain a result the attacker can exploit.

Sometimes all the attacker may need to do is perform a search on Have I Been Pwned, which may provide them with a valid password they can use. Why do they look for passwords from previously compromised sites? Because most people will reuse their passwords elsewhere!

Common passwords

Many sites on the Internet publish a listing of the top 10 or 25 passwords in use each year. When you look at these (below), you see many of these passwords use common keystroke patterns such as "qwertyuiop". Some examples of common passwords are: