Much attention is often paid to security protocol at an administrative level but it’s equally important to ensure that you and your staff are individually taking steps to keep your business’s digital assets safe and secure.

Account log-ins act as the gatekeeper to your digital world, so it’s vital your team practise good password management to avoid giving unscrupulous individuals unbridled access to your accounts and sensitive data.


How do Cybercriminals exploit passwords?

Cybercriminals use a range of methods and tricks to gain unauthorised access to password-protected accounts.  Some of these are listed below.

Phishing – This method simply involves the hacker acquiring your password using an act of deception.  Often using email, the hacker will imitate a legitimate party so that you will divulge account details.

Malware – Malicious programs are used to record passwords as they are entered.  Such programs include ‘keyloggers’ and ‘screenscrapers.’

Rainbow table attacks – This is a more sophisticated method that requires a fair amount of computing power due to the size of the rainbow table databases used to hack database encryption.

Dictionary attack – The concept here is fairly basic – the hacker uses a file that runs through a list of words in order to gain access to an account.  This list could be the contents of the actual dictionary, but it also often contains words and phrases that are known to be common passwords.

Brute force attack – Similar in nature to dictionary attacks, but instead of just words these attacks use all possible alphanumeric combinations within given parameters in order to gain access.  An old method that remains popular with cybercriminals despite the time it can take to find a match.

Social engineering – This is an umbrella term that encompasses Phishing and many other methods used by hackers to make victims voluntarily disclose confidential information.

Guessing – The least sophisticated password attack.  Many people take little care when creating passwords resulting in them often being easily guessable.  Passwords are often common letter/number sequences such as ‘qwerty’ or ‘123abc’ or names and places relevant to the account holder – a pet’s name, spouse, or town of residence.


Keep your accounts impenetrable with secure passwords!

Good password practice is largely common sense. Don’t use common number/letter sequences, words or phrases that mean something to you, or names of people and places you’re connected with in some way.  The best passwords feature a random assortment of letters, numbers and other characters, have no meaning and no relevance to the user, and the longer, the better!

You and your team should use some of the following principles in order to set strong passwords and keep your accounts secure:

  • Use multi-factor authentication where it is available.
  • Use upper and lowercase letters.
  • If it is too easy to remember then don’t use it. Avoid easily recalled sequential passwords (1234, qwerty) as well as common words (dog, cat, etc.)
  • The longer, the better; if possible make sure your password is over 10 characters long.
  • Periodically change your password; sometimes accounts are hacked unbeknownst to the account holder.
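
The length, mixed-case, sequence and common-word rules above can be checked automatically when a password is set; the following Python sketch is an added example, not part of the original article. The function names and the short word and keyboard-row lists are constructed for illustration, and the brute-force estimate assumes an attacker tries every combination of the character classes used.

```python
import math
import string

# Constructed sample lists; a real deployment would load a large
# common-password list instead.
COMMON_WORDS = {"dog", "cat", "password", "letmein"}
KEYBOARD_RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 11  # the article asks for "over 10 characters"


def has_sequence(pw, run_len=4):
    """True if pw contains run_len consecutive characters that ascend
    (1234, abcd), descend (4321) or follow a keyboard row (qwer)."""
    low = pw.lower()
    for i in range(len(low) - run_len + 1):
        chunk = low[i:i + run_len]
        steps = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if chunk.isalnum() and steps in ({1}, {-1}):
            return True
        if any(chunk in row or chunk[::-1] in row for row in KEYBOARD_RUNS):
            return True
    return False


def brute_force_bits(pw):
    """Upper bound on search-space size (in bits) for a brute-force
    attack over the character classes the password actually uses."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    size = sum(len(p) for p in pools if any(c in p for c in pw))
    return len(pw) * math.log2(size) if size else 0.0


def check_password(pw):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        problems.append("needs upper and lowercase letters")
    if has_sequence(pw):
        problems.append("contains a sequential run")
    # Substring match is deliberately strict: "MyDog..." is rejected too.
    if any(w in pw.lower() for w in COMMON_WORDS):
        problems.append("contains a common word")
    return problems
```

The bit estimate only describes resistance to brute force; a password that fails the sequence or common-word checks falls to guessing or a dictionary attack regardless of its length.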

Password security is a ‘front line’ and crucial yet often neglected aspect of online security.  So start setting strong passwords today and safeguard your digital assets against online criminals.


We’re YorCyberSec

We save companies time, money, and valuable resources, making sure more than just an internet search is performed before an investment is made. We take the time to understand the business and requirements, then look at the market and provide options that are fit for purpose and pre-scoped.