
Secplicity - Security Simplified

Powered by WatchGuard Technologies

2021 World Password Day: How Many Will Be Stolen This Year?

May 4, 2021 By Sam Manjarres

You know what they say about passwords… You’re only one weak password away from a breach. Despite the increasing sophistication of hacker technologies and tools, the easiest step of a hack is still cracking the password. In fact, it’s so easy that many times it doesn’t even involve guessing at all. The scariest part about this is that regardless of how secure your password is, all it takes is one colleague’s weak password to put your company’s entire system at risk for a breach.

These stats help explain why passwords are a top vulnerability for companies:

  • 81% of the total number of breaches leveraged stolen or weak passwords – 2020 Verizon Data Breach Investigations Report
  • 1 million passwords are stolen every week – 2019 Breach Alarm
  • $1.3 million is the average cost of a data breach – 2017 Ponemon Institute Cost of Data Breach Study
  • Password dumper is one of the most common types of malware – 2020 Verizon Data Breach Investigations Report

And these are the most common password hacking methods:

Keyloggers
Keyloggers are software programs that give hackers access to personal data by recording every keystroke on the keyboard. The passwords and credit card numbers you type and the web pages you visit are all captured by logging your keystrokes.

Social Engineering
This approach comes in a number of styles, all of which are rooted in the idea of deceiving or manipulating people into divulging their information or taking a certain action. Common social engineering methods used to steal passwords include phishing and using a trojan horse attack. A less common approach is shoulder surfing, in which the hacker simply watches a user type in his or her password.

Dictionary Attack
Hackers try to guess a password by working through a list of common words from a password “dictionary.” More advanced password dictionaries include lists of the most commonly used words in passwords. This is a relatively simple method, but one that is effective in guessing less-complex passwords. If you use real words in any of your passwords, your credentials are at risk.

Brute Force Attack
While not as efficient as a dictionary attack, a brute force attack is more effective in eventually guessing a password. With this method, hackers use tools to repeatedly try every possible password combination of letters, numbers, and symbols until the password is cracked. A similar approach is a reverse brute force attack, in which a hacker tries one password against many usernames.

Rainbow Attack
This method uses a resource called a rainbow table to crack password hashes (essentially scrambled up passwords stored in system databases) in a much more efficient and effective way than brute force or dictionary attacks.
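Precomputed tables only pay off when the same password always produces the same stored hash. The following added example (not part of the original article) stores constructed sample passwords two ways, unsalted SHA-256 and per-user salted PBKDF2, and audits each store for shared digests; the function names, sample passwords and iteration count are assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def unsalted_sha256(password):
    """Weak storage: same password always yields the same digest."""
    return hashlib.sha256(password.encode()).digest()


def hash_password(password, salt=None):
    """Hardened storage: random per-user salt plus a slow key derivation."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def shared_digests(stored):
    """Audit check: groups of users whose stored digests are identical."""
    groups = defaultdict(list)
    for user, digest in stored.items():
        groups[digest].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


def demo():
    # Constructed sample: alice and bob chose the same password.
    passwords = {"alice": "Summer2021!", "bob": "Summer2021!", "carol": "x9#Lq0vT"}
    weak = {u: unsalted_sha256(p) for u, p in passwords.items()}
    strong = {u: hash_password(p) for u, p in passwords.items()}
    weak_groups = shared_digests(weak)
    strong_groups = shared_digests({u: d for u, (_, d) in strong.items()})
    return weak_groups, strong_groups, strong


if __name__ == "__main__":
    weak_groups, strong_groups, _ = demo()
    print("unsalted, shared digests:", weak_groups)
    print("salted, shared digests:  ", strong_groups)
```

A non-empty result from `shared_digests` on a real credential store is a sign that hashes are unsalted, so one precomputed table applies to every account in it.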

Credential Stuffing Attack
Since so many people use the same passwords or variations of passwords across accounts, hackers found a way to automatically run database lists of breached username/password combinations against a target website login. According to Shape Security, 90% of login attempts at online retailers are from this type of attack and this method is effective for hackers about 3% of the time.
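In login logs, credential stuffing and reverse brute force show up as one source touching many usernames, while a brute force or dictionary attack hammers a single account. The following added example (not part of the original article) classifies sources over constructed login events and lists accounts that need a reset; the event format, thresholds and names are assumptions.

```python
from collections import defaultdict

MIN_FAILURES = 20  # assumed threshold: ignore sources with only a few failures
MANY_USERS = 10    # assumed threshold: distinct usernames tried by one source


def sample_events():
    """Constructed events (source_ip, username, success); not real data."""
    events = [("203.0.113.7", "alice", False)] * 40  # 40 guesses, one account
    # One attempt at each of 100 accounts, 3 of which succeed (about 3%).
    events += [("198.51.100.9", f"user{i}", i % 34 == 0) for i in range(100)]
    # An ordinary user who mistyped once and then logged in.
    events += [("192.0.2.10", "bob", False), ("192.0.2.10", "bob", True)]
    return events


def classify_sources(events):
    """Return {source_ip: {"pattern": ..., "accounts_to_reset": [...]}}."""
    stats = defaultdict(lambda: {"users": set(), "failures": 0, "hits": set()})
    for ip, user, success in events:
        entry = stats[ip]
        entry["users"].add(user)
        if success:
            entry["hits"].add(user)
        else:
            entry["failures"] += 1

    findings = {}
    for ip, entry in stats.items():
        if entry["failures"] < MIN_FAILURES:
            continue  # too few failures to distinguish from normal typos
        if len(entry["users"]) >= MANY_USERS:
            pattern = "many-usernames"   # credential stuffing / reverse brute force
        else:
            pattern = "single-account"   # brute force / dictionary guessing
        # A success from a flagged source means that password is known to it.
        findings[ip] = {"pattern": pattern,
                        "accounts_to_reset": sorted(entry["hits"])}
    return findings


if __name__ == "__main__":
    for ip, finding in classify_sources(sample_events()).items():
        print(ip, finding)
```

Accounts listed under `accounts_to_reset` are the ones where a second factor would have blocked the login despite the valid password.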

So, to celebrate World Password Day, may we suggest you look at smarter ways to protect user credentials? Multi-factor authentication (MFA) should be the first step in enabling authentication defense for users. It adds a security layer to logins beyond just a simple username and password, and it helps ensure that hackers cannot access your systems even if one of your employees’ passwords becomes compromised.

Wondering if employee email credentials have been exposed to the dark web? Search your company domain here to find out.
