The Financial Express (Delhi Edition)
ENTER PASSWORD
The world is increasingly moving towards an era that has no place for passwords like ‘Dadada’, used by Mark Zuckerberg for his accounts
WITH HIS Twitter and Pinterest accounts hacked recently, Facebook CEO Mark Zuckerberg was the latest to fall prey to cyber crime. As per news reports, the founder of the world’s biggest social network had used ‘Dadada’ as the password for his two accounts, which were hacked by a group called ‘OurMine Team’. The group said it was just ‘testing’ Zuckerberg’s online security. The accounts were restored in no time, but the damage was done.
Zuckerberg isn’t alone in setting easy-to-crack passwords. As per experts, the most common password that people use is ‘password’. Then there is ‘123456’. Other popular contenders include ‘12345678’, ‘abc123’ and ‘qwerty’. These might be super easy to remember for a user, but for a cyber criminal, cracking such a password is a piece of cake. Sure, some hackers do it just for fun—as was evident recently when a Russian hacker traded more than 272 million passwords and other account details to a cyber security firm just for some social media praise and ‘likes’—but not every hacker’s intentions are harmless. Sometimes, the consequences can be catastrophic, especially for big organisations dealing with personal or financial data of millions of customers.
Forgot password?
The biggest issue with passwords, as many would agree, is remembering them. In fact, that’s the main reason why people set easy passwords and often reuse them for a number of accounts—the two biggest mistakes, as per experts. Another reason why people repeat passwords is the stringent norms and requirements that prompt them to use ‘special’ characters, numbers, etc, which make passwords all the more difficult to remember. “These days, passwords have to be in an alpha-numeric format and should have special characters. Also, companies that handle payment card industry data and other critical information have to comply with a lot of security norms by virtue of international standards. These norms require the user to change their password, say, every three months. So it’s getting harder and harder to remember them. Companies are also imposing a lot of password policies, which lead people to set passwords that are easy to guess,” says a New Delhi-based security researcher with a leading Fortune 500 company, who didn’t want to be named.
Apart from websites, apps, too, need passwords these days. And if users deploy crackable passwords—such as ‘password’—their accounts become extremely vulnerable to attacks. “People are not aware of the risks of having simple passwords. So we have a set of guiding principles in terms of how you define a password: it’s got to be about eight characters, should include multiple characters, capitals, underscores, etc. The whole idea is to build a complex password, so that no one is able to hack it. But the biggest challenge is that you have to remember it yourself,” says Venkat Krishnapur, head, operations, India Development Centre, Intel Security Group, which provides virus protection and Internet security.
Users try every trick in the book to remember passwords—saving them in the browser, writing them on sticky notes and even sharing them with someone else—but there seems to be no respite. From keylogging (recording the keys struck on a keyboard) to phishing attacks, hackers’ arsenal keeps evolving at a frightening pace. “Password-cracking techniques such as a brute-force attack can run a combination of character sets or all the keys available on the keyboard. If the password strength is weak, that is, if it does not have a combination of capital letters, small letters, numbers and symbols, it can be cracked in no time,” says Rizwan Shaikh, a Mumbai-based ethical hacker, and information security and cyber crime consultant.
And if people reuse passwords for multiple accounts, the username and password combinations can be hacked in less than a minute due to their static nature. “Identity theft accounted for 53% of data breaches in the first half of 2015, as per the 2015 Breach Level Index (a database that tracks breaches globally). This shows that cyber criminals are becoming increasingly sophisticated,” says Atul Singh, regional director, India subcontinent, banking, transport and telecom solutions, Gemalto, an international digital security company.
Below then are some ways you can enhance your security online...