How Passwords Get Hacked
Founder @ NowSourcing. Contributor @ Hackernoon, Advisor @GoogleSmallBiz, Podcaster, infographics
Fernando Corbato pioneered the first computer password in 1960, being used as a personal point of entry on MIT's Compatible Time-Sharing System (CTSS). Just 2 years later, the CTSS was hacked and has been inspiring hackers ever since. There have been immense technological advancements since 1962 - how is it that today's hackers can get through 2-step authentication, biometrics, and security questions? Cryptographers predict a future that moves beyond passwords, but the issue seems to lie between cybersecurity and human nature.
In 1962, hacking was as simple as printing the system's password file. Today, hackers use tech to quickly run through millions of possible passwords until finally one works. There are three primary programs hackers shuffle between running.
The Dictionary program uses tech that generates possibilities based on common passwords, such as "123456" or "iloveyou." The Brute Force program runs alpha-numeric combinations such as "qwerty1" and "aaa1." The Rainbow Table lists common passwords and their corresponding hash values, cutting down the processing time needed to run a brute force attack. For example, a rainbow table would translate "password" into "320157b0a9d9718." This is its corresponding hash value.
On top of this, hackers simply hack the human. Criminals may instead try to manipulate users into giving out their login credentials themselves. Alternatively, hackers can turn to social engineering. This tricks the user by posing as an authority figure, tech support, or offering a sense of urgency - which leads the user into rash actions. For example, phishing uses social engineering to get users to download malware, click malicious links, or log in through a spoofed portal.
While there's no way to make yourself bulletproof to a hacking attempt, better security practices can increase your shield. It all depends on how seriously you take your cybersecurity. 91% of people know that reusing the same password increases the risk of a breach, but 66% do it anyway.
In 2004, Bill Gates said, "There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems, they write them down and they just don't meet the challenge for anything you really want to secure." By eliminating passwords with certificate-based authentication, we could say goodbye to weak or guessable passwords, targets for phishing attacks, and hackable password databases.
The future of cybersecurity is rapidly evolving. If passwords are becoming a thing of the past, what will we have to protect ourselves on the internet? Find more about the future of cybersecurity
Subscribe to get your daily round-up of top tech stories!