The Anti-virus Times

Wednesday, May 26, 2021

Users usually need to create a login and password to register an account. Inexperienced users use standard credentials that go unchanged for decades, or even worse, they use the same data for different sites. Such an approach reduces one’s information security. If an attacker gains access to your email address, and its password is the same one that you use for all your other accounts, and you’ve never enabled two-factor authentication, you can say good-bye to your profiles on social networks. In this Anti-virus Times issue, we’ll discuss where and how to safely store all your passwords.

To help prevent hacking, make it a practice to use strong passwords. Combinations like qwerty and 1234 are too popular, so they become an open door for a thief. Alternately, you can use a long meaningful phrase as a password. Such a combination is easy to remember but difficult to crack.

Even if a code word is sufficiently complicated, don’t forget that there is the risk of entering it on a fake page. The next time you order a delivery or sign in to your favourite social media account, look at the domain of the site where you are entering your data. For example, instead of the usual drweb.com, there may be drwebbcom.com. This is a fictional example of a phishing site that attackers can use to steal personal data. Anyone who uses their actual login and password on such a site is falling for a fraudster’s tricks. But worst of all is when people enter the same password for multiple services. In this case, the user must change their passwords for all their accounts, which could be compromised after such a leak, and not forget to enable two-factor authentication. Remember that weak passwords are like bait for attackers, and that means you’ll soon have to say good-bye to your vulnerable account.

Create different passwords for commonly used services. However, if your memory accumulates over a dozen unique code words, it becomes much more difficult to remember new ones. And a logical question arises: where should I store them? One simple but insecure method is to create a text file called "Passwords 2021" and keep it so it’s visible on your desktop. This is a bad option: an open folder or a file that’s not protected with a password is an unreliable way to store important information. Another bad idea is to write down your key on a sticker and stick it on your monitor. Then, anyone who wants to will immediately get the needed data. In addition, you should not keep your personal information in unencrypted notes on your mobile device—you risk having your personal information stolen by malicious apps. If an infected smartphone stores photos, documents, user names, and passwords in plain text, you can be sure that attackers will want to use this data.

Perhaps, the most secure solution is password managers. These are programs that store passwords for sites, systems and programs. However, this method is also vulnerable. Password managers solve a number of cybersecurity issues but potentially create a new one—the need to ensure the confidentiality of the master password that opens access to the manager itself. In addition, the created or generated code word should be changed from time to time to reduce the chances of it being cracked.

Password managers are not a panacea for yet one more reason. In April, attackers distributed a special malware update for Passwordstate (a local solution for managing a company's passwords), and as a result, all users of the program were at risk of having their accounts stolen. After news of the hacking appeared, the developers began to restore lost accounts by emailing instructions, and cybercriminals took advantage of that—they sent the same emails but with the recommendation to install a "modified patch file" that was actually a malicious update.

#hacking #two-factor_authentication #password #page_replacement