Last night on Stop Scotland’s Scammers it was shown how easy it can be to ‘hack’ someone’s password.
Attackers use a range of techniques to steal passwords. Sometimes the attacker will try to ‘socially engineer’ the victim into handing over the password. This may well start with a phishing email asking the victim to click on a link that looks like it comes from a trusted source and enter their password. An attacker may also use personal information to work out whether you have used something personal to you as your password; for example, they may try your date of birth or wedding anniversary as your PIN.
On the show last night, the demonstration was an example of a ‘dictionary attack’: trying lots of different words, one after another, in an attempt to find the correct password. The longer the list of words, the greater the attacker’s chance of success.
When picking a password, the average person chooses a memorable word that is in the dictionary and appends a number to the end. If they are trying to be really clever they may substitute a symbol for one of the letters, for example changing the letter a to @. When running a dictionary attack, rules can be set to try these common substitutions automatically, so P@$$word1 is no more secure than Password1.
The longer the password, the better its chance of withstanding these attacks. A 16 character password is more than twice as secure as an 8 character password. Think of a phrase or several words that you can put together to create a long, more secure password.
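A defender-side illustration of the two points above, added here and not part of the original post: a sign-up check that undoes the same substitution and suffix rules a dictionary attack would try, so P@$$word1 is judged no stronger than Password1, and that also flags short passwords. The small word list, the substitution table and the minimum length are constructed assumptions for the example; a real check would load a large dictionary or breached-password list.

```python
"""Password check modelled on the dictionary-attack rules described above."""
import re

# Constructed stand-in for a real cracking dictionary (assumption).
COMMON_WORDS = {"password", "welcome", "scotland", "summer", "football"}

# Symbol-for-letter swaps that cracking rule sets routinely reverse.
# Which letter each digit stands for is an assumption (1 -> l, not i).
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
    "1": "l", "3": "e", "7": "t", "!": "i",
})


def normalise(password: str) -> str:
    """Reduce a password to the dictionary word it was built from.

    Order matters: strip the appended digits/punctuation first, then undo
    the letter substitutions, then lowercase. Doing the translation first
    would turn the trailing '1' in 'P@$$word1' into a letter.
    """
    core = re.sub(r"[0-9!?.]+$", "", password)  # drop the appended suffix
    core = core.translate(LEET_MAP)              # P@$$word -> Password
    return core.lower()


def weaknesses(password: str, min_length: int = 12) -> list:
    """Return the reasons a password would fall quickly to the attack
    described in the post; an empty list means neither rule fired.
    The default minimum length is an assumption, not the post's policy.
    """
    reasons = []
    if len(password) < min_length:
        reasons.append(f"shorter than {min_length} characters")
    if normalise(password) in COMMON_WORDS:
        reasons.append("dictionary word with predictable substitutions or suffix")
    return reasons


if __name__ == "__main__":
    for candidate in ("P@$$word1", "Password1", "Sc0tland2024",
                      "purple kettle rides the bus"):
        print(f"{candidate!r}: {weaknesses(candidate) or 'no weakness found'}")
```

A multi-word phrase passes both rules because its normalised form is not a single dictionary word; the check does not attempt to score phrases made of several common words.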
Gerry Grant, Chief Ethical Hacker
More information on the show: https://stopscammers.stv.tv/