Thursday, 1 May 2014

Password Myths We Should Stop Believing

1. A file, folder, computer, or account protected by a password is safe.
Read the rest of the post and learn why that statement is no longer true.
2. Your passwords are secure as long as you only deal with reputable online businesses.
Big online businesses that serve tens of millions of customers worldwide are expected to hold a treasure trove of personal information – the favorite diet of identity thieves.
Therefore, these companies are always in the crosshairs of the world’s most highly-skilled hackers.
Take these recent examples, for instance:
LinkedIn - A file with 6.5 million passwords from LinkedIn accounts appeared in an online forum based in Russia
Yahoo - 450,000 usernames and passwords from Yahoo! were posted online
Sony (PlayStation) - This massive breach involved 77 million Sony PlayStation user accounts containing passwords and other personal information.
Reputable businesses like LinkedIn, Yahoo! and Sony should be implementing the strongest security countermeasures available. But even these are not strong enough to withstand attacks all the time…
3. A password input box that obscures characters as you type hides your password from prying eyes.
The dots or asterisks displayed on a password input box are just meant to prevent people near you from seeing what you’re entering in there. How the password is actually stored or sent is a different matter.
4. “Strong” passwords are difficult to compromise.
Even if your password is long and complex (e.g. a combination of uppercase and lowercase letters, numbers and other non-alphanumeric characters), if it is stored or sent in plain text, you’re toast if the hackers get hold of it.
Plain text means it can be viewed exactly the way it has been entered, using easily accessible tools.
For example, if your password is Super$ecretp@Ss, a free downloadable tool like Ettercap enables your password to be viewed exactly in that form: Super$ecretp@Ss. If, however, your password is encrypted, it means that it has been scrambled. It cannot be viewed using the same tool (Ettercap). It might be displayed something like this: xt%y&1sm^*>>2.
Unfortunately, many software applications still store and send passwords in plain text. That is why hackers still find the weaknesses behind the first three items so effective. The next item looks at the tools they use.
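The contrast in item 4, as an added example that is not part of the original post: a stored plaintext record reads back exactly as typed, while a salted, slow password hash (PBKDF2-HMAC-SHA256, the standard way to "scramble" stored passwords rather than reversible encryption) lets the application verify a login without the password itself ever being written down. The sample password is the one from the post; the iteration count is an assumption.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample from the post; not a real credential.
PASSWORD = "Super$ecretp@Ss"

# Work factor for PBKDF2-HMAC-SHA256 (assumption; OWASP's current recommendation).
ITERATIONS = 600_000


def store_plaintext(password: str) -> str:
    """The bad case: the record is the password, readable by any tool that sees it."""
    return password


def store_hashed(password: str, salt: Optional[bytes] = None) -> str:
    """Write a verifier, not the password: random salt + slow salted digest."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # Self-describing record so the parameters can be raised later.
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_hashed(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def record_reveals_password(record: str, password: str) -> bool:
    """Would someone who dumps the stored record see the password as typed?"""
    return password in record


if __name__ == "__main__":
    plain = store_plaintext(PASSWORD)
    hashed = store_hashed(PASSWORD)
    print("plaintext record exposes password:", record_reveals_password(plain, PASSWORD))
    print("hashed record exposes password:   ", record_reveals_password(hashed, PASSWORD))
    print("login with correct password:      ", verify_hashed(PASSWORD, hashed))
    print("login with wrong password:        ", verify_hashed("Super$ecretp@Ss2", hashed))
```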

5. Hackers use sophisticated tools to steal your password.
Actually, many successful hackers don’t require sophisticated tools to acquire passwords. Some simply use crafty conversational skills. In the highly publicized hacking of Wired Senior Writer Mat Honan, the hackers made extensive use of social engineering, a technique that relies heavily on the art of deception.
