Hackers use tools that automate the password cracking process by running through all possible combinations until they find one that works. For example, they may start with a, then b, then c, etc. until they get to z. If your password is not one of those, they’ll try aa, ab, ac, ad and so on. Password cracking tools are able to run through all of these combinations very quickly.
No matter how strong you make your password, there’s always a chance someone could find out what it is without needing to use software to crack it.
Common ways in which passwords are compromised are:
- Using the same password – An online service you use could get hacked exposing the password you’ve used there too. This then enables cyber criminals access to other services if you have used the same password.
- Writing passwords down – A recent study revealed that 1 in 5 people keep password written down close to their computer. If passwords are written on post-it-notes and stuck on you monitor this can leave you exposed.
- Phishing Scams – Scam emails are sent out suggesting you mailbox is full or going to be deleted, and you must re-activate your account. This will take you to a scam website where you have then given away your login details.
- Security Questions – A cyber criminal could try resetting your password by correctly guessing the answers to your security questions.
- Virus / Malware – if you already had malware or a virus on your device, your keystrokes could be logged and passwords exposed.
Two-factor authentication means a second method of verification is needed to log in to your accounts. This is in addition to your username and password.
This is often linked to your mobile phone, where you have a verification code sent or use an authenticator app to generate a token.
With two-factor authentication enabled if a cyber criminal were to find out your password they would need access to you mobile in order to gain access.
Lots of Online and Cloud based services now offer the option for two-factor authentication including:
- Office 365
- Amazon Web Services
- and many more…