Hackers use at least three methods to obtain user credentials: brute force, searching through stolen databases, and phishing. Therefore, it is useful to know the most common mistakes users make when creating passwords. R-Vision product manager Viktor Nikulichev told socialbites.ca about this.
The first mistake users make is the lack of two-factor authentication.
“An important method of protection is two-factor authentication, which adds an additional layer of security to the usual password entry. Users must provide two separate methods to verify their identity: something they know (like a password) and something they have (a code generated by a mobile app, a finger, etc.). This extra step reduces the possibility of unauthorized access. Even if the attacker has obtained your username and password, they will not be able to reach the target resource without the second factor,” he explained.
Additionally, to protect against hackers, password leaks need to be regularly monitored using dedicated resources.
“Browsers like Google Chrome and Apple Safari now automatically display information about potential threats and unsecured passwords. A proactive approach to your security will help you prevent unauthorized access to your personal and social media accounts. Additionally, as a preventative measure, it is recommended to change passwords regularly for services that contain critical information, such as Government Services or banking applications.” The expert added that this method should be used to increase protection and minimize risks.
Users also often create passwords that are easy to remember and can be entered quickly at a prompt.
“For example, the most popular combinations in databases of stolen passwords are qwerty, 12345 or password. In Cyrillic, users often choose names or common words such as “love” or “hello”. These types of passwords are highly vulnerable, as hackers use them primarily to gain access to personal data. Therefore, it is recommended to avoid using simple combinations when registering on important sites,” noted the expert.
According to Nikulichev, one of the most common and critical mistakes is using a single password for all resources. A user’s security depends not only on the strength of their password but also on the service they are registered with. Therefore, if the site is attacked by hackers and the attackers capture account information, the security of other resources will also be at risk.
“It’s important to remember that the security of services depends on the combination of steps you take to stay safe online, rather than password complexity alone. To create a strong password, you need to focus on several factors: complexity and length, use of special characters, numbers, and uppercase and lowercase letters.”
For example, a strong password should be at least 12 characters long, as long passwords are harder for hackers to crack. Additionally, the password must be varied, so use a combination of letters (uppercase and lowercase), numbers and symbols. If you doubt that your password is safe, turn to special programs: password managers, which automatically generate complex combinations and help you safely “remember” them in the cloud.
“Also remember that the password should not be logical or predictable. Create combinations that make no sense. This way, you can avoid hackers using a dictionary guess to determine a potential victim’s password. You can also use passphrases, which are strings of words that are easy for the user to remember, but difficult for a hacker to guess,” the expert emphasized.
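As an added example (not from the article or from R-Vision), the Python code below checks a password against the criteria in the two paragraphs above (at least 12 characters, mixed character classes, none of the common combinations named earlier) and generates a compliant one from a cryptographically secure random source, as a password manager would. The function names and the three-entry blocklist are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample blocklist: the three examples the article names.
# A real deployment would load a full leaked-password list instead.
COMMON_PASSWORDS = {"qwerty", "12345", "password"}
MIN_LENGTH = 12  # minimum length recommended in the article
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def check_password(password):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, alphabet in CLASSES.items():
        if not any(ch in alphabet for ch in password):
            problems.append(f"no {name} character")
    # Catch blocklisted strings even when padded, e.g. "Password12345!"
    lowered = password.lower()
    for word in sorted(COMMON_PASSWORDS):
        if word in lowered:
            problems.append(f"contains common password '{word}'")
    return problems


def generate_password(length=16):
    """Draw characters from a CSPRNG and retry until every rule passes."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("qwerty", "Password12345!", generate_password()):
        print(repr(pw), check_password(pw) or "OK")
```

Note that `Password12345!` satisfies the length and character-class rules yet is still rejected, because it is built from two of the combinations attackers try first.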
If you suspect that your password has been compromised, you should change it immediately, before the attacker can log into your account. Warning signs include notifications about suspicious activity on your accounts and attempts to log in to your account. In the latter case, it is important not to follow the link in the email or SMS notification, but instead to change the password directly on the website, to avoid falling for phishing. Nikulichev summarized that if you have used the same password in many places, you need to change it on all of those resources.