{"id":12568,"date":"2021-09-03T17:29:05","date_gmt":"2021-09-03T15:29:05","guid":{"rendered":"https:\/\/www.webafrica.co.za\/blog\/?p=12568"},"modified":"2021-11-05T16:23:45","modified_gmt":"2021-11-05T14:23:45","slug":"how-safe-are-your-online-passwords","status":"publish","type":"post","link":"https:\/\/blog.webafrica.co.za\/blog\/general\/how-safe-are-your-online-passwords\/","title":{"rendered":"How safe are your online passwords?"},"content":{"rendered":"\n

If you\u2019ve watched Mr. Robot<\/em> (streaming on Netflix at the moment) or any other series\/movie about hacking, you\u2019re probably already pretty paranoid about cybersecurity. And for good reason.<\/p>\n\n\n\n

With technology continuously advancing, it has become easier for hackers to exploit users and use data to their advantage. Most of us who are on social media have probably seen friend’s accounts being hacked with attackers posting explicit or other unwanted content on a friend\u2019s profile. It seems small but could potentially lead to more serious hacks. Here is a little bit more about cybersecurity threats\u2026<\/p>\n\n\n\n

<\/div>\n\n\n\n

Hacking Methods<\/p>\n\n\n\n

The most common types that are used on everyday people like me and you are phishing, credential stuffing and password spraying. These could be carried out by any hacker, whether you know them or not.<\/p>\n\n\n\n

Phishing<\/strong><\/h2>\n\n\n\n

Most of us are familiar with the term as it has become very popular and is an easier way for a hacker to get to your information. Phishing is when the hacker \u201ctricks\u201d you into giving up your details. The attacker usually uses something like an email prompting you to click on a link and takes you to a cloned site where you then enter your details thinking you are on the true site. Many banks are targeted like this (yes, in South Africa too) which is obviously a serious problem.<\/p>\n\n\n\n

To stay safe, make sure that you recognise the link you are on \u2013 so for the Webafrica Customer Zone, for example, you can ensure it\u2019s always: https:\/\/webafrica.co.za\/clientarea.php<\/a> It\u2019s very important to rather go straight to a site you know is legitimate by typing the true site\u2019s URL straight into the web address bar. <\/p>\n\n\n\n

Always check the sender\u2019s email address and if it looks strange, try to Google it first and check if there are any scam reports for it. Don\u2019t open attachments if you\u2019re not sure the email is legitimate. A dead giveaway usually is that the emails and cloned sites will typically contain spelling and grammar mistakes. Usually, hackers are working fast and not all are English-speaking, so you\u2019ll probably notice a few strange typos.<\/p>\n\n\n\n

Password Spraying<\/strong><\/h2>\n\n\n\n

The hacker uses a list of commonly used passwords against various usernames until he finds a match between a password and a username. It\u2019s a bit like the wheel of fortune \u2013 spin it until you win it. Well, in this case, the hacker would be the winner sadly. The best way to not get caught by a password sprayer is to use a password manager with randomly selected passwords that mean nothing at all. It relies on bad password habits. Spraying is a lot more specific in the attack as they will typically only attempt passwords four times to avoid an account being locked (in the event of a lock-out account system where you can only enter the password incorrectly five times).<\/p>\n\n\n\n

Credential Stuffing<\/strong><\/h2>\n\n\n\n

Like Password Spraying, this is a bit of a roulette game. The difference here is that they use details that they have already stolen and start testing it against other sites. So after a data breach, there will be a list of email addresses, usernames and passwords which they will then use to try to log into other sites. It works on the idea that people reuse passwords on different sites. This is where it becomes important to always have unique passwords for every account you create. <\/p>\n\n\n\n

If you want to see if your passwords have been compromised you can sign up for a website like Have I been pwned<\/a> where you enter your email address and they give you all the sites that have been breached.<\/p>\n\n\n\n

Other<\/strong><\/h2>\n\n\n\n

Other hacking methods are a bit more personal. We won\u2019t go into it too much as the chances are lower for you to be hacked in these ways, but here\u2019s a quick rundown:<\/p>\n\n\n\n

Keylogging:<\/strong> Here the hacker knows the victim either personally or has an interest in the victim (political figures, corporate\/state espionage for example). This will require the hacker to gain access to the victim\u2019s device\/machine to install malware. Your password strength won\u2019t matter much here. Your only defence will be a good endpoint security system.<\/p>\n\n\n\n

Brute Force:<\/strong> This you will probably see in many movies. Credential stuffing and password spraying are versions of brute force attacks with a common underlying theme: trial and error. It\u2019s where the hacker runs an algorithm against encrypted passwords. Password length is your best bet if you\u2019re scared of these more forceful attacks. Keep it above 16 characters and use capital letters, special characters and numbers somewhere.<\/p>\n\n\n\n

Local Discovery:<\/strong> This is basically when a friend, colleague, acquaintance or relative finds out your password \u2013 maybe you wrote it down somewhere \u2013 and uses it to log into your account without your knowledge.<\/p>\n\n\n\n

Extortion:<\/strong> This is exactly what the name suggests. A hacker will blackmail you for your login details with reasons and demands depending on your relationship with the person.<\/p>\n\n\n\n

<\/div>\n\n\n\n
\"\"<\/figure>\n\n\n\n

Precautions You Can Take:<\/p>\n\n\n\n