Why they want your passwords

Passwords, a basic yet essential part of cybersecurity, are the first line of defence against cyberattacks in our increasingly digital world. However, many users are under the false impression that cybercriminals have no interest in their personal information or data on their computers.

The rapid shift to remote working has significantly increased the potential for security breaches within all organisations, and it is for this reason that the robustness and strength of passwords are more important now than ever. Passwords continue to be the most widely used system to keep personal data safe or to allow access to a service, both personally and professionally, and therefore a clear target for cybercriminals. That is why cybersecurity provider Check Point Software has highlighted some of the tactics used to steal passwords while providing the necessary steps to prevent any person or company from becoming a victim of cybercrime:

• Phishing attacks: This method has become one of the most widely used tactics for stealing passwords and usernames. It works in a simple way: by sending an email that appears to come from a trusted source (such as banks, energy companies, etc.), but aims to manipulate the recipient and extract confidential information. An example of a successful phishing attack was the data breach at Experian, where a fraudster purported as a legitimate client obtained the personal information of as many as 24-million South Africans and nearly 793,749 business entities. One of the best ways to prevent a phishing attack is by implementing a two-step authentication. This extra layer of security prompts the user to enter a second password, which is usually sent via SMS. This way, access to an account is prevented even if they have the user’s credentials.
• Brute-force or dictionary hacking: This type of cyber-attack involves trying to crack a password through repetition. The cybercriminals will try multiple random combinations, combining names, letters, and numbers, until they gain access. To prevent them from achieving their goal, it is essential that users create complicated and complex passwords that cybercriminals would never be able to guess randomly. To do this, it is necessary to leave out names, dates, and common words. Instead, it is best to create a unique password of at least eight characters that combine letters (both upper and lower case), numbers and symbols.
• Keyloggers: These programmes are capable of recording every keystroke made on a computer and even record what is displayed on the screen. This information is then sent and stored on external servers, then used by cybercriminals. These cyber-attacks are commonly part of malware that is been previously installed on a computer. The worst thing about these attacks is that many people often use the same password for different user accounts. To prevent this, it is essential to use a different password for each profile or account. To do this, a password manager can be used, which allows both managing and generating different and robust password combinations for each service based on the guidelines decided upon.

“When it comes to guaranteeing the highest level of cybersecurity, preventing risks such as password theft is just as important as having the latest cybersecurity solutions,” says Pankaj Bhula, regional director for Africa at Check Point Software Technologies.

“Both phishing and keyloggers are two tactics that have been used to breach thousands of devices around the world. However, the risk can be easily remedied by configuring varied and robust password combinations of at least eight characters interspersed with letters, symbols, and punctuation marks. This way, cybercriminals will find it much more difficult to gain access to your devices, ensuring the highest level of security on your devices.”