Feb 18, 2022 | Security

What everyone ought to know about their passwords

Article written by First Reef

Did you know that in 2021 the most commonly used password was “123456”?

In 2022 we are relying on cloud-based applications more than ever before. But, as our online activity grows, so does the likelihood that you will become the victim of a cyber-attack.

Have you ever considered how your password will hold up against a hacker?

Why would anyone want to hack my email address?

Let’s say you have been very diligent in keeping personal data and passwords out of your email. What could a hacker do with your email account other than read your private conversations?

Have you ever had to reset a password using your email address as verification? As convenient as this is when you forget a password, a successful hacker can use that same process to gain access to any platforms that use that email address to log in.

Not to mention that hacked email accounts are valuable to other hackers. Your account could be hacked by a bored teenager in their bedroom but end up getting sold to a malicious criminal organisation.

Cybercriminals often don’t know the value of their targets until they’ve successfully gained access. They may even log in from time to time to check for new activity, without you knowing.

How can my email account be hacked?

A hacker can use multiple methods to gain unwarranted access to your account:

  • Brute Force
    The hacker uses a program that rapidly attempts every possible combination of letters, numbers, and symbols until it guesses the password.
  • Dictionary Attack
    The hacker uses an application to go through a vast list of commonly used passwords with many permutations to find yours. Passwords such as “qwerty”, “holden” and “password1” are often cracked using this method.
  • Informed Guessing
    Someone can use personal information about you, such as the name of your pets or where and when you were born, to guess passwords like “pepper1982” or “perth04”.
  • Social Engineering
    This is where someone manipulates you into giving them your login information without you realising. Someone may call you pretending to be your web developer or your internet service provider, claiming that something has gone wrong that they need your password to fix. In this case, the strength of your password isn’t so important, but always make sure you know and trust the people you give your information to.

Unfortunately, finding a program to help you hack passwords is as simple as choosing your flavour of hacking tool and picking an email account to have a go at.

Screenshots of publicly available password cracking tools

What can I do to protect myself against getting hacked?

Your password is your first line of defence. The stronger your password, the less likely someone will gain access to your account. However, simply adding a few numbers or capital letters to your password isn’t enough to stop a “brute force” attack.

For accounts that contain sensitive information, it is recommended that you use a password with:

  • at least 20 characters
  • a combination of random upper and lowercase letters
  • numbers and symbols.

You should also use different passwords for every platform, so if one is compromised the hacker doesn’t have access to all your other accounts.

You can use the chart below to see how your password will stack up against a brute-force attack.

Chart showing how quickly a password can be cracked
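As an added illustration of what the chart above measures (this is example code, not part of the original article), the Python below works out the brute-force keyspace from the character classes a password actually uses and the worst-case time to exhaust it. The guess rate of ten billion guesses per second and the short list of common passwords are assumptions chosen for the example.

```python
import string

# Assumed guess rate: 1e10 guesses/second, a fast offline attack against a
# weak (fast, unsalted) password hash. Assumption for illustration only.
GUESSES_PER_SECOND = 1e10

# Constructed, tiny stand-in for the "vast list of commonly used passwords"
# a dictionary attack works through; real lists run to millions of entries.
COMMON_PASSWORDS = {"123456", "qwerty", "holden", "password1", "password"}

# Character classes in the spirit of the chart: the attacker's alphabet is
# the union of every class the password actually uses.
CHARSETS = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation)


def charset_size(password: str) -> int:
    """Size of the alphabet a brute-force search must enumerate."""
    return sum(len(cs) for cs in CHARSETS if any(c in cs for c in password))


def keyspace(password: str) -> int:
    """Number of candidates a full brute-force search must cover."""
    return charset_size(password) ** len(password)


def seconds_to_crack(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case seconds to exhaust the keyspace at `rate` guesses/second.
    A password on the common list counts as instant: a dictionary attack
    finds it long before brute force would, whatever its keyspace."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0
    return keyspace(password) / rate


def human_time(seconds: float) -> str:
    """Render a duration in its largest sensible unit."""
    units = (("years", 365 * 24 * 3600), ("days", 24 * 3600),
             ("hours", 3600), ("minutes", 60), ("seconds", 1))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return "instant"


if __name__ == "__main__":
    # "Pepper1982" is the article's "informed guess" shape: brute force rates it
    # in years, but someone who knows your pet and birth year needs no brute force.
    for pw in ("password1", "Pepper1982", "xK9#mQ2vL!pR4wZ7nB1e"):
        print(f"{pw:22} alphabet={charset_size(pw):3}  {human_time(seconds_to_crack(pw))}")
```

Adding a couple of digits to a dictionary word does little here; length and a full mix of character classes are what push the estimate from hours into astronomically many years.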

What if I can’t remember my passwords?

But what if you want to quickly and easily log into your accounts without having to try and remember your complicated and random passwords?

That’s where an online password manager comes in. Platforms such as LastPass allow you to securely store your passwords which are then encrypted using your “Master Password” (or the “Last Pass”-word you will ever need).

You can search and autofill your usernames and passwords into websites at the click of a button.

You can try LastPass out for free by signing up at lastpass.firstreef.com.au

What else can I do to keep my accounts safe?

Aside from choosing strong passwords, we strongly recommend setting up 2-Factor Authentication for any platforms that you use to manage your finances, identity, or anything related to your business or website.

A typical 2-Factor Authentication setup sends you a text message with a six-digit code to enter when logging in. Alternatively, you can use the Google Authenticator app, which generates a new code every 30 seconds instead of relying on text messages.

For more information on setting up a password manager, 2-Factor Authentication, or improving your password strength, please feel free to reach out to devs@firstreef.com.au with any questions.