Everyone knows that passwords are the first line of defense against malicious third parties attempting to gain unauthorized access to your personal devices and information.
Most of us have a basic understanding of passwords and what to do when creating one. We know that passwords need to be strong and difficult to guess. We also know that passwords need to be long and contain different characters.
Unfortunately, while most of us know how vital creating strong passwords is, we’re still susceptible to cyber attacks from hackers and scammers. From reusing passwords on various accounts to relying on some of the most common passwords used worldwide, we’ve got the right idea for creating passwords, but we’re not very good at ensuring that they’re secured.
According to the Identity Theft Resource Center, 90 percent of data breaches in the first quarter of 2022 were cyber attack-related. The findings also indicate that phishing and ransomware are the two top root causes of data breaches. System and human errors also represented 8 percent of the data compromises in the study.
As the year progresses, many more cybersecurity attacks will likely occur against companies and individuals. It’s essential to arm yourself with the proper knowledge and tools to protect yourself against these attacks and safeguard your precious data. To help you, we’ve compiled a list of the five most common cyber security attacks and what you can do to prevent these attacks from inflicting damage on you.
5 common ways passwords are stolen
Brute force attacks
In brute force attacks, hackers usually rely on an automated system to guess hundreds and thousands of different password combinations until they’ve hit their targeted password. This is also why brute force attacks are often called exhaustive searches because they rely on a system to try and exhaust plenty of different password options.
Since a portion of the login details for an account, like email addresses and numbers, are easy to obtain, hackers just need to figure out a user’s password to gain access.
While it’s a relatively simple hacking method, brute force attacks actually have a high success rate, so they definitely shouldn’t be underestimated.
Dictionary attacks
If you think your passwords like “cupcake123”, “mcdonalds245”, and “chickennoodlesoup” are random and difficult to guess, you might want to think again. The dictionary attack, employed by hackers, is a method that systematically enters a list of commonly-used words and phrases into an automated system until a match is found. While this password-cracking technique isn’t as successful as a brute force attack, it’s still a significant threat.
Here’s why: Commonly-used passwords from previous data breaches are often added to a dictionary list for such attacks. If your passwords have been compromised before and you’re guilty of reusing passwords across multiple accounts, it’s likely that your compromised password will be used in a dictionary attack.
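A password check a sign-up form could run to catch both weaknesses described above, as an added example that is not part of the original article. The wordlist is a small constructed sample and the function names are hypothetical; a real check would load a list of breached and commonly used passwords.

```python
import math
import re
import string

# Constructed sample wordlist (assumption); a real screen would load a
# list of breached and commonly used passwords.
COMMON_WORDS = {"cupcake", "mcdonalds", "chicken", "noodle", "soup", "password"}

def search_space_bits(password: str) -> float:
    """Naive brute-force cost in bits: log2(alphabet_size ** length)."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
    ]
    alphabet = sum(size for chars, size in classes
                   if any(c in chars for c in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def is_dictionary_derived(password: str, words=COMMON_WORDS) -> bool:
    """True if the password is listed words joined together,
    optionally followed by digits or symbols."""
    core = re.sub(r"[^a-z]+$", "", password.lower())
    # Word-break check: reachable[i] means core[:i] splits into listed words.
    reachable = [True] + [False] * len(core)
    for end in range(1, len(core) + 1):
        reachable[end] = any(reachable[s] and core[s:end] in words
                             for s in range(end))
    return bool(core) and reachable[-1]

def screen(password: str) -> dict:
    """Report the naive search space and whether a wordlist would find it."""
    return {"bits": round(search_space_bits(password), 1),
            "dictionary_derived": is_dictionary_derived(password)}

if __name__ == "__main__":
    for pw in ("cupcake123", "mcdonalds245", "chickennoodlesoup",
               "I<3Dw34tH3r!n$u^^3r"):
        print(pw, screen(pw))
```

The length-based figure alone is misleading: “chickennoodlesoup” scores well on search space but is still flagged, because a wordlist reaches it long before an exhaustive search would.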
Phishing
Phishing attacks happen when an attacker gets access to your personal device or system by impersonating you or someone you trust. For example, an attacker might send you a text message, email, or direct message on a social networking site asking you to sign up for a service. As the message comes from someone you supposedly trust, you’re more likely to click on the link. Most of the time, these messages incite some level of urgency.
The malicious link might contain malware or might require you to give up certain sensitive information as part of the “sign-up” process. This is why phishing attacks are also known as social engineering attacks.
To avoid being a victim of such attacks, make it a point to practice a healthy level of skepticism each time you receive a message that’s supposedly urgent and requires your help. When in doubt, always check in with your friends through a different medium and ask them if they’re aware of what’s going on with their account.
Rainbow table attacks
A rainbow table attack is a password-cracking method that uses hashes in a database to decipher a password. While there are many different types of rainbow tables, they typically consist of two columns: one with hashes and the other with plain text for the hashes.
When a database of passwords is compromised, all attackers need to do is match the hash values of the passwords against the table to reverse them into plain text and gain unlawful access.
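Why the way a service stores passwords decides whether such a table works, as an added example that is not part of the original article. It uses a plain two-column lookup table as described above (not the chained structure of a real rainbow table), and the candidate passwords, user names and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed candidate list (assumption); stands in for the plain-text column.
CANDIDATES = ["cupcake123", "mcdonalds245", "chickennoodlesoup"]

def hash_unsalted(password: str) -> str:
    """Weak storage: one fast hash, identical for every user of a password."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_table(candidates) -> dict:
    """Precompute the two columns: hash -> plain text."""
    return {hash_unsalted(p): p for p in candidates}

def lookup(table: dict, stored: dict) -> dict:
    """Return {user: plain text} for every stored hash found in the table."""
    return {user: table[h] for user, h in stored.items() if h in table}

def hash_salted(password: str, salt: bytes = None, iterations: int = 600_000):
    """Hardened storage: random per-user salt plus a slow key derivation."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_salted(password: str, salt: bytes, expected: bytes,
                  iterations: int = 600_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_salted(password, salt, iterations)
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    table = build_table(CANDIDATES)
    leaked = {"alice": hash_unsalted("cupcake123"),
              "bob": hash_unsalted("Zq7!vR2#kLm9")}
    print("recovered from unsalted hashes:", lookup(table, leaked))
    salt, digest = hash_salted("cupcake123")
    print("salted hash found in table:", digest.hex() in table)
    print("login still verifies:", verify_salted("cupcake123", salt, digest))
```

Because every account gets its own random salt, a table computed once no longer matches any stored value, even for a password that appears in the candidate list.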
Man-in-the-middle attacks
A man-in-the-middle (MITM) attack happens when a hacker “sits” between two victims to intercept their connection and steal whatever data they might want. For example, when you’re in a cafe using free public Wi-Fi, an attacker could potentially “sit” between you and the unprotected server.
Despite its name, a MITM attack doesn’t just involve a single person. Often, during MITM attacks, nefarious individuals or groups just have to install a packet sniffer that analyzes network traffic on an unprotected network. When a user taps into the network and proceeds to log in to personal banking sites and social media accounts or key in their credit card details, these attackers will then capture and store their precious information.
How to protect yourself from cyber attacks
Now that you’re sufficiently familiar with how these attacks work, it’s time to learn about ways you can protect yourself from them.
Always use a password manager
Password managers are programs or software that create and store your passwords in a safe digital vault. Some password managers, like LastPass and Okta, have password generators that let you modify your passwords according to certain requirements.
With a password manager, you no longer have to remember any individual passwords for various accounts. Instead, you’ll just need to memorize a single master password that will unlock your vault. Most password managers also have mobile apps so you can access your vault everywhere you go.
Never reuse passwords
It should go without saying that recycling passwords is a no-go. While we understand that reusing passwords takes the hassle out of creating passwords and is quick to do, it’s just not safe. It’s predicted that humans will create at least 100 passwords in their lifetime, so it’s perfectly understandable that we revert to reusing passwords.
Once you’ve signed up for a password management service though, reusing passwords will be a thing of the past.
Consider using passphrases instead
If you absolutely do not want to use a password management tool, your best option is to get a little more creative when devising passwords. Instead of using common words like “cupcake” or “chocolate”, try coming up with a catchy phrase you’ll likely remember for the rest of your life.
Your phrase could be, “I love the weather in summer”. Now, you’re going to want to turn that into a passphrase. Like this, “I<3Dw34tH3r!n$u^^3r”.
Such passwords are not just difficult to crack; they’re unique to you and contain multiple variations of different characters.
Enable multi-factor authentication
Multi-factor or two-factor authentication is a verification method that requires two or more types of “passwords” to gain access to an account.
There are many different ways to authenticate, but most services generally require a user to input something they know and a detail about something they are to verify that the person logging in truly is who they claim to be.
For instance, banking smartphone apps can require a user to input their password and then, to verify, ask them to scan their face or fingerprint as a way to authenticate. Your fingerprints and facial scans are also known as biometric logins.
Another way to authenticate an account is to use a physical device like a security key, card, or verification code. Unfortunately, because users run a risk of losing these physical items, many accounts generally prefer to use biometric logins to secure an account.
Generally, users should be using two-factor authentication to secure various accounts. This greatly reduces the risk of brute force and phishing attacks on your personal information.
Use a VPN when on public Wi-Fi
Public Wi-Fi networks are a great way to stay connected to friends and family while traveling. However, as we’ve learned earlier, they’re susceptible to man-in-the-middle attacks.
Public Wi-Fi networks are often unsecured and could allow third parties to see what you’re doing online. While you ought to avoid using public Wi-Fi, sometimes you still have to connect to it.
When doing so, make sure to download a virtual private network (VPN) to shield yourself from snoops and keep your activity private. A VPN encrypts all your internet traffic, protecting you from hackers and even your internet service providers.
While you’re at it, always avoid logging into financial services and entering personal information like your credit card details or social security number while on public Wi-Fi.
Cybersecurity is an ongoing process
No cybersecurity plan is perfect. If one were, many companies and individuals would not fall victim to cybersecurity attacks.
Now that you’re more equipped with the right tools to protect yourself and are aware of the different sorts of cybercrime that occur online, it’s time to implement them. As always, every cybersecurity plan needs to be adaptive, and you should consider your lifestyle and technological abilities when coming up with a plan.