Hackers Know Your Password: Don’t Stay Vulnerable

Download PDF
Protect your passwords from hackers

The leakage of the Largest Credential Database

Scandals associated with the theft of passwords and personal data happen regularly - only in the past couple of years the passwords of popular mail services were leaked to the open network, and even the services for storing passwords were hacked.

1.4  Billion passwords were found in a single database - how can you be sure that yours is not there? In this article you will find out what kind of threats your password is open to, and how to protect your personal data with the correct credentials.

All passwords are presented in text form, and the most terrible fact is that most of them are passed as acceptable. Almost all users, interviewed by researchers, confirmed that the passwords were valid.

Researchers compared the data from the leak to other known bases

It was discovered that, although most of the credentials were already known, 14% of the login/password pairs had never been found before.

This new database adds 385 million new accounting pairs, 318 million unique users and 147 million passwords.

Since the data is organised in alphabetical order, the main problem is easily detected - the reuse of passwords:
How people reuse passwords

Here is the list of 40 most popular passwords:

Given the fact that people re-use passwords for e-mail, social networks, e-commerce, etc., hackers can automate the process of taking over accounts.

How Do Hackers break passwords?

There are always at least two ways to crack the password:

  • A trivial selection, which takes a huge amount of resources and time, but with the proper luck, will not take an hour.
  • The most simple and effortless way is the "pet attack.” This is when people choose the name of their pets as a password, making it very easy for hackers.

Recommendations for passwords and their compilation
 'Pet attack' in passwords

Actually, in order to complicate the process of hacking a password, a large number of recommendations applicable to its selection and compilation are singled out. We will try to give only some, the most important ones.

Fighting QWERTY

Lower your eyes to the keyboard and see how these keys are located. No doubt, you noticed that they are running in a row. So never do such nonsense. Do not allow more than two characters running consecutively in the password.

For example, passwords like qwinto or abscuro will be quite effective (they are called persistent ones, that is, those that are hard to crack), but passwords like qwento or abco will be ineffective, hacking them takes much less time.

When choosing a password, try to avoid alternating characters (alphabetically or by keyboard layout), this can save you from hacking by selection.

Collisions - What Is It and How to Avoid It

When you come up with the key for encryption, try to avoid such nonsense as repetition of symbols. In itself, the word Collision is already a lousy password, in it we have two consecutive letters L . When encrypted, it will give a lot of duplicate characters. And the repetition of the same character in the password makes it much easier to select.

No matter how much you like it, try to avoid repeated symbols and use the same letters in your password.

Length vs. Efficiency
Are you sure that the Icelandic volcano name is a good password?

Some people believe that the names of Icelandic volcanoes are excellent passwords. And let's be honest, are you ready to memorize 15 characters of text, about which you can break a language? And often there are more than a lot of collisions and ordering of symbols in these names.

Compare  on the above parameters 2 simple passwords (conditionally simple, of course):

  1. Faithful
  2. Yokalatarakoyl

Let's see what we have in both cases and what disadvantages there are:

  1. A small number of characters, one alphabet is used, no numbers. However, all the symbols are quite scattered in alphabetical order and layout. And in the password we have 6 effective symbols.
  2. A large number of characters, one alphabet, no numbers. However, in this password we have  two letters "k", "y", "o" and "l". We have four letters "a" at once. Therefore, in fact, in this password there are 6 characters.

You do not need to be a wisecrack to figure out that these passwords are equally reliable, regardless of the number of characters that are used in the second. Therefore, we can safely say that the password is such a thing, where the quantity is very rarely intertwined with quality.

Using Numbers
Add numbers wisely

But how to make the first password more effective? - Simple, but effective advice - to add the numbers.

  • Adding to the word "Loyalty" something like "11111" or "666" is, of course, a solution, but generally ineffective. We add more symbols to remember, and we increase the efficiency only by one.
  • It is best to follow the rules applicable to letters to pick up 3-4 figures. So, for example, the password "Loyalty1859" will contain 10 effective symbols.
  • Each account requires its own password. Even if one of the passwords appears unreliable, hackers won’t get access to all your accounts at once.

More complicated and better-protected passwords are the combination of small and capital letters, numbers, special symbols, collected in non-predictable order.

The last, but not the least: do not keep your passwords auto-saved by the browser  on your computer or smartphone - it’s the easiest way for hackers to reach them. If you have some points to be discussed - contact our London team or just come for a lovely chat with a cap of tea.  

Chief Product Officer
With a passion for innovation and a keen understanding of market trends, Alexander plays a pivotal role in shaping Magora's product development strategy and ensuring the delivery of cutting-edge solutions to clients.
How to Protect your Data While Using API Services Striving for Security in an Aggressive Threat Environment Chatbot is on Duty: Improve the UX of your Website Ensure Secure Data Transmission without a Secure Channel
How to Monetize Your B2C Mobile App: Core Strategies iOS 18 Features Highlights: Leveraging Apple Intelligence for Your Next App 3 Ways AI is Shaping the Future of Sustainability How to Develop an AI Chatbot for Your Real Estate Business
Everything You Want to Know About Mobile App Development App Development Calculator Infographics: Magora development process Dictionary
News Technologies Design Business Development HealthTech IoT AI/ML PropTech FinTech EdTech Mobile Apps Discovery Transport&Logistics AR/VR Big Data Sustainability Startup Enterprise Security
Logo Magora LTD
Thank you very much.
Magora team

Grab your e-book: Design to attract more buyers

Logo Magora LTD
Get in touch
Open list
Open list
Logo Magora LTD
Thank you very much.

Your registration to the webinar on the 27th of September at 2 p.m. BST was successfuly completed.
We will send you a reminder on the day before the event.
Magora team
Registration for a webinar

"Let Smart Bots Speed up your Business"
Date: 27.09.2018 Time: 2 p.m. BST
Do you agree to the personal data processing?

Logo Magora LTD
Download our curated selection of resources for accelerating your software development journey.