This simple 9 step process can seriously enhance your level of protection from the average hacker. It also means that if anything slips through the net and someone still holds a password you don't want them to have, that password will be changed within the timeframe you set. This ensures you have a policy in place that requires and enforces password changes, especially for admin accounts, which can cause a lot of damage if compromised.
An advanced and under-used password security tip to consider is two-factor authentication, a way for websites to confirm an end user's identity a second time. After the end user successfully logs in with a password, they receive a text message with a passcode, which they then enter to complete the authentication.
This approach makes sure that end users not only know their password but also have access to their own phone. Two-factor authentication works well because cybercriminals rarely steal an end user's password and phone at the same time. Leading banks and financial institutions enable two-factor authentication by default; where they do not, the service can often be turned on by asking the website to do so. More and more non-financial websites now offer two-factor authentication as well.
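The second step described above (a short-lived passcode sent to the user after the password check) is easy to get wrong on the server side. The following is an added example written for this article, not code from Sagari or from any bank or website it mentions. It assumes a hypothetical in-memory challenge store, a five-minute validity window and a five-attempt limit; a real deployment would use persistent storage and its own policy values. The sending of the SMS itself is outside the example: `issue_code` returns the code so that the caller can hand it to an SMS gateway, and only a hash of the code is kept.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300  # assumed policy: a code is valid for five minutes
MAX_ATTEMPTS = 5        # assumed policy: lock the challenge after five wrong guesses

# Hypothetical in-memory store: challenge id -> record (a real service uses a database).
_challenges = {}


def issue_code(username, now=None):
    """Create a 6-digit one-time code for a user who has already passed the password step.

    Returns (challenge_id, code). The code is what would be sent by SMS; the server keeps
    only its hash, so a leaked store does not directly reveal live codes.
    """
    now = time.time() if now is None else now
    code = f"{secrets.randbelow(10**6):06d}"      # CSPRNG, zero-padded to 6 digits
    challenge_id = secrets.token_urlsafe(16)
    _challenges[challenge_id] = {
        "username": username,
        "code_hash": hashlib.sha256(code.encode()).digest(),
        "expires": now + CODE_TTL_SECONDS,
        "attempts": 0,
    }
    return challenge_id, code


def verify_code(challenge_id, submitted, now=None):
    """Check a submitted code: expired, locked, unknown or already-used challenges all fail."""
    now = time.time() if now is None else now
    rec = _challenges.get(challenge_id)
    if rec is None:
        return False
    if now > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
        _challenges.pop(challenge_id, None)       # dead challenge: drop it, user must re-login
        return False
    rec["attempts"] += 1
    ok = hmac.compare_digest(
        hashlib.sha256(submitted.encode()).digest(), rec["code_hash"]
    )                                            # constant-time compare of the hashes
    if ok:
        _challenges.pop(challenge_id, None)       # single use: a replayed code is rejected
    return ok


if __name__ == "__main__":
    cid, code = issue_code("alice")
    print("would send SMS code", code, "for challenge", cid)
    print("wrong code accepted?", verify_code(cid, "000000"))
    print("right code accepted?", verify_code(cid, code))
    print("replay accepted?", verify_code(cid, code))
```

The three failure modes the page's reasoning relies on are all handled: the code dies after the window, it dies after a handful of wrong guesses (so a six-digit code cannot simply be enumerated), and it dies once used, which is what makes "stealing the password alone" insufficient.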
Low Security Credentials
Although it should be common sense, employees need to avoid passwords that are easy for hackers to guess. Among the top ten worst passwords according to www.splashdata.com are those that use a series of numbers in numerical order, such as 123456. The names of popular sports such as and are also on the list, as are quirky passwords such as and even the word itself.
Emphasis should also be placed on the importance of avoiding common usernames. In an analysis conducted by the information security firm Rapid7, hackers most often targeted these 10 usernames in particular:
How Attackers Exploit Weak Passwords to Obtain Access
While most websites don't store the actual password for each username, they do store a password hash for it. A password hash is a form of encryption, but cybercriminals can sometimes use the hash to reverse-engineer the password. When passwords are weak, the hash is easier to break.
Here is a list of common word mutations hackers use to identify passwords when they already have a general idea of what the password might be:
Educating end users on these tactics underscores the importance of creating long passwords (at least 12 characters) and applying several variations, rather than something simple like just capitalising the first letter.
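The two points above (the site keeps a hash rather than the password, and simple mutations of a common word are not real protection) can be enforced at the moment a user picks a password. The following is an added example written for this article, not Sagari's code and not SplashData's or Rapid7's list: the blocklist is a small constructed stand-in, the leet substitution table and 12-character minimum are assumptions, and the storage format is a hypothetical `pbkdf2_sha256$iterations$salt$hash` string. The checker undoes the mutations the page describes (capitalising the first letter, digit-for-letter substitutions, a trailing year or punctuation) before comparing against the blocklist, so `P@ssw0rd2019!` is rejected as a variant of `password`.

```python
import hashlib
import hmac
import os
import re

# Constructed stand-in for a "worst passwords" list (not the SplashData list itself).
COMMON_BASES = {"password", "123456", "qwerty", "football", "welcome", "letmein", "monkey"}

# Assumed digit/symbol-for-letter substitutions to reverse.
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12   # the page's recommendation


def base_forms(password):
    """All plausible 'base words' a password might be a mutation of."""
    lower = password.lower()                        # undoes capitalising any letter
    stripped = re.sub(r"[^a-z]+$", "", lower)       # drops a trailing year, number or symbol
    stripped = re.sub(r"^[^a-z]+", "", stripped)    # drops a leading symbol
    forms = {lower, stripped}
    forms |= {f.translate(LEET_MAP) for f in list(forms)}   # undoes leet substitutions
    forms.discard("")
    return forms


def weak_reasons(password):
    """Return the list of policy reasons a password is weak; an empty list means it passes."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if password.isdigit():
        reasons.append("digits only")
    if base_forms(password) & COMMON_BASES:
        reasons.append("a common password or a simple mutation of one")
    return reasons


def hash_password(password, iterations=600_000):
    """Store only a salted, slow hash, never the password itself."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    for candidate in ["P@ssw0rd2019!", "Football1", "123456", "correct-horse-battery-staple-42"]:
        print(f"{candidate!r:40} -> {weak_reasons(candidate) or 'accepted'}")
    record = hash_password("correct-horse-battery-staple-42")
    print("stored record:", record)
    print("verify correct:", verify_password("correct-horse-battery-staple-42", record))
    print("verify wrong:  ", verify_password("Football1", record))
```

A real deployment would back `COMMON_BASES` with a full breached-password list and tune the iteration count to the server's budget; the shape of the check (normalise the mutations first, then compare) is the part that matters for the page's argument.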
We hope you enjoyed learning some simple tricks from "Ask The Expert" on Cyber Security. If you would like Sagari to review any specific topic, please feel free to email us directly via the Contact Form Here, telling us what you would like our experts to help with.
If you have any Cyber Security projects you would like us to review specifically, please also get in contact using the Contact Form Here.
The Sagari Team
Ask The Experts