12 Days of Cryptmas: Day 7 – Seven password breaches
A password breach is when a cybercriminal has your password and is able to use it to get into your account. Password breaches can occur due to social engineering and insider threats, but most often, weak password habits are the culprit.
Passwords are the keys meant to safeguard your online accounts and the data they contain. They should never be accessed by someone unauthorised to do so. Cybercriminals take advantage of individuals who reuse passwords, use weak passwords, click on phishing scams and insecurely store their passwords in order to launch their attacks.
One way passwords get breached is through password reuse. Password reuse is extremely common. In fact, 52% of people use the same password for multiple accounts because it’s easier for them to remember one password or several versions of the same password instead of strong and unique passwords for each separate account. However, this poses a serious risk because if a cybercriminal gets hold of that one password, they can access all the accounts you use it for. If a company that you have an account with were to be breached, and your password is exposed, cybercriminals can then launch credential stuffing attacks to see if they can access multiple accounts with the same password.
Using weak passwords
Passwords also get breached because they are weak. Any password that is easy to guess or uses a small number of characters that password-cracking software can easily crack is likely to be compromised by cybercriminals. Weak passwords are those that are too short, repeat letters or numbers and use personal information like the year you were born. Avoiding weak passwords and creating strong and unique passwords for each account is simple with the help of an online password generator that will create them for you.
Phishing scams are emails, text messages or phone calls from cybercriminals portraying themselves to be someone they’re not, like a company or family member, to get you to reveal sensitive information. A cybercriminal uses phishing scams to solicit information they can use to compromise your online accounts.
For example, a cybercriminal might send you a phishing email saying to immediately change your password because your account has been compromised. The email may even urge you to click on a link, but clicking that link could take you to a spoofed website that looks legitimate. If you enter your credentials into the spoofed website, you’re essentially handing them over to the cybercriminal.
Insecurely storing passwords
Anytime you store your passwords insecurely, like in a spreadsheet or the notes feature on your phone, you’re placing your accounts at risk of becoming compromised. Storing login credentials in an unencrypted format means cybercriminals can easily access your accounts and any data stored within them.
Insecure password-sharing methods
Password sharing is meant to give others secure access to your account with your approval. However, insecure password-sharing methods like sharing through text messages and email can be easily intercepted by cybercriminals. Furthermore, if a bad actor has physical access to your device, they can see the password in plain text.
It’s important that when you choose to share your passwords, you do so with full end-to-end encryption to prevent your password from being breached. A secure password manager can facilitate this type of secure credential sharing.
Want to learn more about password security?
If you want to know more about password security or even how you can become passwordless, then contact us at Netier today.