How Hackers Exploit Weak Passwords

Blog 18 Oct 2021
Many users are still careless about their passwords. Weak passwords 'invite' hackers to carry out activities such as brute-force attacks to log in to our software applications and 'benefit' from them. Strengthening passwords is therefore something users must do to prevent unwanted activity.

Many people still underestimate password security, and that carelessness invites hackers to guess passwords. One important insight: hackers rely on users' preference for convenience. Choosing passwords that are easy to remember is a very 'human' thing to do, but this ease also lets hackers guess our passwords. Hence, webpage defacement becomes likely to happen because of users' weak passwords.

Other than webpage defacements, there are several other consequences of having weak passwords, as follows:

  • Compromise of IT assets and security controls
  • Sensitive data exfiltration – financial data, HR information, medical records, intellectual property
  • Loss of confidentiality and integrity

According to Cybernews, these were passwords to avoid in 2021 because they are so common:

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 12345
  6. qwerty123
  7. 1q2w3e
  8. 12345678
  9. 111111
  10. 1234567890

We have to take password security seriously. Here are several tips for strengthening our passwords:

  • Longer passwords (16 characters, for example) are better than complex passwords – more difficult to crack
  • Use a mix of characters, such as symbols, numbers, and upper- and lower-case letters – harder to guess
  • Change passwords frequently – three or four times per year
  • Create unique logins for others, rather than sharing passwords – prevents passwords from spreading widely
  • Use nonsense words, misspelled words, and/or phrases – harder to guess
  • Enable two-factor authentication (2FA) or multi-factor authentication (MFA)
  • Implement one password per authentication context
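The check below is an added example, not code from the original post. It screens a candidate password against the ten passwords listed above and compares the length and character-mix tips numerically. The 16-character minimum, the function names and the sample passwords are assumptions made for the illustration.

```python
import math
import string

# The ten passwords the article lists (Cybernews, 2021).
COMMON_PASSWORDS = {
    "123456", "123456789", "qwerty", "password", "12345",
    "qwerty123", "1q2w3e", "12345678", "111111", "1234567890",
}
MIN_LENGTH = 16  # the article's example length, used here as a policy minimum (assumption)

# Character classes from the "mix of characters" tip and their alphabet sizes.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32
}


def classes_used(password):
    """Names of the character classes that appear in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def brute_force_bits(password):
    """Upper bound on exhaustive-search work: length * log2(alphabet size).

    Characters outside the four classes (spaces, non-ASCII) are not counted,
    so the figure is conservative for passphrases.
    """
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(max(alphabet, 2))


def audit_password(password):
    """Report how a candidate password fares against the tips above."""
    return {
        # Case-insensitive match: "Qwerty123" is still "qwerty123" to a guesser.
        "common": password.lower() in COMMON_PASSWORDS,
        "too_short": len(password) < MIN_LENGTH,
        "classes": classes_used(password),
        # Only meaningful when "common" is False; listed passwords are
        # tried first regardless of their nominal search space.
        "bits": round(brute_force_bits(password), 1),
    }


if __name__ == "__main__":
    # Constructed sample passwords for the demonstration.
    for candidate in ("Qwerty123", "P@ssw0rd", "mistyharborlamps"):
        print(candidate, audit_password(candidate))
```

A 16-character all-lowercase password scores about 75 bits here, against about 52 bits for an 8-character password using all four classes, which is the arithmetic behind the first tip.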

If a defacement still occurs after we strengthen our passwords, we can detect it faster by using a defacement monitoring tool such as SentryPage.