The high-tech world of hacking means the bad guys have a lot of digital tools at their fingertips. Now more than ever, the automation behind stealing your account access means consumers need to practice the strongest password security they can.
Unfortunately, some consumers have continued to ignore years of expert warnings when it comes to password strength. SplashData, who publishes the annual list of the most commonly used passwords as compiled from leaked credentials, found that in 2017, “123456” was still the world’s most common password. That was followed by “Password,” “12345678” (thanks to websites that are trying to protect their users by requiring longer passwords), “qwerty,” and others, such as “admin” and “letmein.”
“But ‘password’ is so obvious that no hacker would ever think I’d use that… right?” Sadly, that’s not how credential cracking works.
The term credential cracking refers to the systematic, automated breaking of your username and password with the use of high-speed bots. Following a large-scale data breach, a hacker simply uses a large database of usernames and allows the computer to “guess” the passwords for each one. Some credential cracking software can make billions of guesses per second.
In short, no one is sitting at a computer with your username, typing in guess after guess until they reach your password. Their software does it for them and it does it with fairly strong results. There has even been a reported uptick in the numbers of failed login attempts on major consumer websites following large-scale data breaches, indicating that hackers are using the stolen information and their bots to “guess” passwords.
As bad as this development is, it’s not the only bad news. If you’re one of the many consumers who reuses passwords, any cracked credentials that a hacker has on you can lead them right to your other accounts. Using stolen information and cracking tools to guess your email or social media login, for example, would also give the hacker access to your Amazon, PayPal, online banking or other sensitive accounts if you’re reusing your password.
In order to fight back against this high-tech break-in, your account passwords must be strong and unique. Lengthy strings of uppercase and lowercase letters (that do NOT spell a word!) combined with some non-sequential numbers and symbols can help ward off even the most devoted little bot. Using that password on only one account is crucial to preventing multiple accounts from coming under attack.
Contact the Identity Theft Resource Center for toll-free, no-cost assistance at (888) 400-5530. For on-the-go assistance, check out the free ID Theft Help App from ITRC.