If you’ve been paying attention to popular news or even your Facebook news feed this past week, you may have come across the iCloud scandal. A hacker managed to compromise the accounts of tens of Hollywood celebrities. He then proceeded to release private pictures belonging to those people, for free, into the Internet for all the world to see. Studies showed that this was just one of many cases, only this one blew up like nothing before.
How do they do it?
How do hackers get past carefully thought out passwords? Is it really that simple? But more importantly, how can you stay safe online? Let’s find out.
How do hackers guess passwords? Before I go into describing their methods, let me lay down the figurative cards on the table. What are the odds that hackers have to deal with? When it comes to hacking online, for example, someone trying to get into your Facebook, it’s near impossible to succeed, provided the account is protected with a strong password. A few too many wrong guesses and the system will lock you out and, on certain systems, notify the user of this activity. So, no danger there. Things start to get worrying once hackers get a hold of the encrypted password file itself. They are then free to decrypt the file at their leisure.
With the processing power available today, a hacker can, with the use of special software, guess passwords at the rate of 1 billion combinations per second.
This method is called a Brute Force Attack. While that might seem like a lot, it’s not much when you do the permutation of any password that has more than 5 lowercase characters.
It goes like this:
- A 5 character password will take 10 seconds to decrypt
- A 6 character password will take 1000 seconds.
- Skipping to a 9 character password: 31 years!
Things get even tougher for the hacker when you start using uppercase characters, numbers and symbols. If you do the math, that’s 100 different combinations for each character. In other words, the odds to cracking a complex password such as this are astronomical. So, how do they circumvent this issue?
They use a method called Mutated Dictionary Attack and it’s truly an ingenious one. Instead of trying to force random combinations, they try and match passwords with words in a dictionary. They then mutate the words in ways an ordinary computer user would. For example, “pa55word”.
These are just two of the many methods that hackers have in their arsenal. Now that you have a general idea of how hackers hack, you can understand the basics of how to protect yourself with a strong password.
Staying safe online
Here are a few methods you can use to protect yourself from potential hackers and malware:
- As you know by now, coming up with a password that has over 9 characters (both uppercase and lowercase) and mixed with numbers and symbols is a great way of deterring hackers from guessing your password.
While they can study you and figure out words or numbers that you may use in your password based on your activities, you can further confuse them by using words that have nothing to do with you.
- You can also use international characters in your password which can only be activated by a certain combination of key presses (like holding down a certain key and typing a 3 digit number).
- While you’re at it, why not change passwords often, at leat every 90 days.
- Make them different for every website so if one of your accounts get compromised, the others ones will be safe from harm.
- Lastly, never store your password(s) in your system as they will probably not be encrypted by the OS and can easily be accessed.
Don’t divulge too much on social networks:
While the title is self-explanatory, let me elaborate. Make sure your public profile is devoid of your home address, phone number and similar kinds of private information. Refrain from sharing passwords to anyone while chatting even if it’s your wife (not questioning her trust though!).
Keep your system updated
Software companies keep their software safe by plugging security holes by releasing regular patches. Windows does it all the time. Let your software update themselves as it’s healthy for your system. Also, keep “Automatic windows updates” checked even though it can get annoying.
Get yourself a paid firewall
Windows firewall may be sufficient for normal use but if you’re a developer or if you have sensitive information in your system that costs thousands of dollars, I suggest you get a better firewall. There are many in the market that may interest you. A few examples would be Bitdefender, Avast! Or even Norton Security.
Use antivirus software
Intermediate to veteran users know how important antiviruses are, especially if you’re using a Windows OS. If you’re not using one right now, you’re putting yourself at a huge disadvantage. Windows is the most popular OS in the market and as a result, it’s the biggest target for malware manufacturers. Get yourself an antivirus now!
Use trusted websites
It’s paramount that you read reviews on an e-commerce website before you buy stuff from it.
Make sure the website uses SSL encryption and, if possible, read user reviews on the website before continuing.
You can even install browser add-ons that tell you if a website is trusted or not. Also, refrain from even downloading popular software from seedy websites.
Never buy stuff when you’re on an unprotected or public network
This one’s obvious but you should never access your bank account or log-in to PayPal to buy stuff while you’re on a network that does not require a password to access.