I’m a cybersecurity expert – here’s how much damage a hacker could do if they got hold of just ONE of your passwords
- Expert says it’s ‘easy’ for cyber criminals to get a password and can be disastrous
- They can be taken through data breaches, phishing and bad security practices
A hacker learning just one of your passwords can be enough to cause huge damage – especially if it’s your email password, an expert has warned.
Jake Moore, security specialist at ESET, says it’s ‘very easy’ for cyber criminals to get hold of a password, and that they’re ‘regularly’ compromised in data breaches.
Cyber criminals make a living by hacking into a big company database that has passwords stored, or benefitting from an internal security cock-up among staff.
Another method of taking passwords is phishing emails, which contain links that lead to fake websites designed to trick you into entering your password.
But in many instances, a password can be easily guessed because it’s made up of common words or phrases, with ‘qwerty’ and ‘123456’ being classic examples.
One of the biggest dangers is that people have a bad habit of using the same password for several different accounts, Moore said.
Tips to protect your passwords
– Don’t click on suspicious emails
– Set up two-factor authentication (2FA) on your accounts
– Don’t use the same password (or even similar passwords) for multiple accounts
– Don’t share your password with anyone
So if a hacker knows your email address and password for one account, they’re going to try it on different platforms too.
Moore has revealed the damage that could be done if a hacker gets hold of a password, in the case of three different scenarios.
Probably the biggest damage could be done if a criminal gets hold of your email password, the expert says – largely because email access can be a gateway to getting into several other platforms.
‘Email is the most worrying account to lose control over because if this is compromised, hackers could simply access all other accounts online,’ Moore told MailOnline.
‘This is completed by searching the corresponding email address as the username on other platforms and clicking “forgotten password”.
‘This then sends a link straight to the hackers to change the password to whatever they want.’
Email accounts such as Gmail also have a huge amount of personal information stored that could be used to imitate you – such as birthday, phone number and even home address.
What’s more, your passwords for various websites are stored in your Google Account, which can be accessed by logging into Gmail.
‘If a hacker had access to your Gmail then they would potentially also have access to connected Google accounts,’ Moore said.
Your Twitter account includes your phone number, email address and more, including, potentially, your birth date and also your payment details if you’re subscribed to Twitter Blue.
But a hacker could also revamp your account to impersonate someone else – risking it being banned by Twitter staff and lost for good.
A lot depends on whether you have a security standard known as two-factor authentication (2FA) set up on your account.
With SMS-based 2FA, a text message containing a code is sent to the user’s smartphone, and they have to enter that code to access their account, as an extra layer of security.
Elon Musk recently removed SMS two-factor authentication (2FA) from the free version of Twitter and made it exclusive to Twitter Blue – a decision Moore called ‘absurd’ that will lead to ‘so many accounts hacked’.
However, you can use an authentication app – such as Google Authenticator – to still use 2FA on your Twitter account.
Meanwhile, if a hacker got your Facebook password, their likely next move would be to share spam and phishing links with some of your friends, again compromising your account.
While criminals use fake accounts to conduct phishing scams, they increasingly prefer to hack into legitimate accounts.
Moore said online supermarket apps such as Tesco or Lidl store personal information that’s protected only by a password.
Potentially, a hacker could change your address that’s registered on your shopping account and use your payment details to have groceries delivered to their house.
‘Supermarket accounts store a lot of data on you from phone number to home address,’ Moore said.
‘This information is extremely sought after and often only protected by a simple password.’
However, potentially a bigger cause for concern is using these apps to learn your personal details, which can be sold on the dark web.
The dark web is only accessible with special web browsers and is used for keeping internet activity anonymous – so for criminals it’s an ideal place for their illegal activity.
Moore said ‘information is the new gold’ as it can be bought and sold.
Hackers can use your stolen information to open credit card accounts, apply for government benefits, take out loans in your name and much more.
Overall, Moore recommends using password managers – apps on your phone, tablet or computer that store your passwords so you don’t need to remember them.
‘Password managers are nearly impossible to hack,’ he told MailOnline. ‘You would need an authorised device to see the passwords.’
It’s also important to limit what information you have stored online and only give over data that is necessary for the app or service to function, he says.
More tips to secure your password
1. Be aware of all accounts that are in your possession
Experts recommend deleting unused accounts and knowing the exact number of those that are active. This way, you can prevent gaps in your password management.
2. Make long, unique passwords, and never reuse them
Complicated combinations of numbers, uppercase, lowercase letters, and symbols make the most robust passwords. Reusing them is never an option — if one account gets hacked, other accounts are at risk.
3. Use a password manager
This technological solution fully encrypts the passwords stored in the vault and allows secure sharing.
Many cybersecurity incidents happen because of simple human mistakes — people leave their passwords openly accessible for others and store them in Excel or other unencrypted applications.
4. Don’t overshare on social media
Online accounts are often behind an access barrier that asks questions relating to random personal details such as ‘name of first pet’.
These random facts have gained a new worth to criminals in the age of online scamming and phishing attempts.
If a scammer can gather enough clues from your social media page, for example, they might be able to guess the answer to such a question or even your password.