How Hackers Exploit Weak Passwords
Many people still underestimate password security, and that carelessness invites hackers to guess their passwords. One important insight: hackers rely on users' preference for convenience. Choosing passwords that are easy to remember is a very 'human' thing to do, but that same ease is what lets hackers guess them. As a result, weak user passwords make webpage defacement more likely.
Besides webpage defacement, weak passwords have several other consequences:
- Compromise of IT assets and security controls
- Sensitive data exfiltration – Financial data, HR information, medical records, intellectual property
- Loss of confidentiality and integrity
According to Cybernews in 2021, these passwords should be avoided because they are so common:
- 123456
- 123456789
- qwerty
- password
- 12345
- qwerty123
- 1q2w3e
- 12345678
- 111111
- 1234567890
We have to take password security seriously. Here are several tips for strengthening our passwords:
- Longer passwords (16 characters, for example) are better than complex passwords – more difficult to crack
- Use a mix of characters, such as symbols, numbers, and upper- and lower-case letters – harder to guess
- Change passwords frequently – three or four times per year
- Create unique logins for others rather than sharing passwords – prevents a password from spreading widely
- Use nonsense words, misspelled words, and/or phrases – harder to guess
- Enable two-factor authentication (2FA) or multi-factor authentication (MFA)
- Implement one password per authentication context
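The list of common passwords and the tips above can be turned into a small audit, shown here as an added example that is not part of the original article. The function names, the three-character-class threshold, and the sample credentials are assumptions made for illustration; the 16-character minimum is the article's own example length.

```python
import unicodedata

# The ten passwords listed above (Cybernews, 2021).
COMMON = {"123456", "123456789", "qwerty", "password", "12345",
          "qwerty123", "1q2w3e", "12345678", "111111", "1234567890"}
MIN_LENGTH = 16   # the article's example length
MIN_CLASSES = 3   # assumption: threshold chosen for this example

def char_classes(pw):
    """Count how many of lower, upper, digit, symbol appear in pw."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])

def audit(credentials):
    """Map each authentication context to the problems found with its password."""
    normalized = {ctx: unicodedata.normalize("NFKC", pw)
                  for ctx, pw in credentials.items()}
    seen = {}  # password -> contexts using it, to spot reuse across contexts
    for ctx, pw in normalized.items():
        seen.setdefault(pw, []).append(ctx)
    report = {}
    for ctx, pw in normalized.items():
        problems = []
        if pw.casefold() in COMMON:        # "Password" is still "password"
            problems.append("common")
        if len(pw) < MIN_LENGTH:
            problems.append("too_short")
        if char_classes(pw) < MIN_CLASSES:
            problems.append("few_character_classes")
        if len(seen[pw]) > 1:              # one password per context
            problems.append("reused")
        report[ctx] = problems
    return report

# Constructed sample input: context name -> password.
SAMPLE = {
    "mail": "Password",
    "bank": "correct-Horse-battery-9",
    "forum": "correct-Horse-battery-9",
    "vpn": "Tr0ub4dor&3-purple-llama",
}

if __name__ == "__main__":
    for ctx, problems in audit(SAMPLE).items():
        print(ctx, problems or "ok")  # never print the passwords themselves
```
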
If a defacement still occurs after we strengthen our passwords, we can detect it faster by using a defacement monitoring tool such as SentryPage.