
How Secure Is My Password? | Are passwords enough on their own?

The importance of having secure passwords and, if 2-factor authentication is an option, turning it on cannot be overstated.

This week, I had the opportunity to see firsthand just how frustrating it is to deal with an account hijack.

On Friday, the customer contacted me, as one of the retired partners had unfortunately been the victim of a hijacked personal email account.


The hijacking was discovered when spam was sent from the compromised account, some of which was directed toward the retired partner’s old company.

Taking back control

First, I had to regain control of the hijacked accounts. Fortunately, the recovery mobile hadn’t been changed, so I could easily regain access.

If the hackers had updated the recovery options, it would have been challenging to regain control.

The hijackers changed the Reply-to address to a Hotmail address they controlled. Fortunately, this was relatively easy to spot and rectify.


It’s worth highlighting that every email sent while the account was under the hijacker’s control would have come from the legitimate account holder’s address, and anyone who replied would have been replying to the hijacker’s account, which is ideal for anyone planning a phishing attack.

Less obvious was that the hijacker had created a rule labelled (..), which forwarded all emails sent to the legitimate account to the hijacker.

Fortunately, they had neglected to tick the box saying to leave a copy in the inbox, so new emails didn’t appear. So, it was evident that something was going on, and we removed the rule.

However, the hijacker received a copy of all incoming emails for the period the account was under their control.
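The three changes described above (an altered Reply-to address, a forwarding rule to an outside address, and a rule that does not leave a copy in the inbox) can be checked for systematically. The following is an added example, not part of the original incident write-up; the settings structure, addresses and the `audit_mailbox` helper are constructed for illustration and do not correspond to any particular mail provider's export format.

```python
import re

# Constructed sample of exported mailbox settings (hypothetical format).
ACCOUNT = "partner@example.org"
SETTINGS = {
    "reply_to": "partner.mail@hotmail.example",
    "rules": [
        {"name": "Newsletters", "action": "move", "target": "Reading", "keep_copy": True},
        {"name": "(..)", "action": "forward", "target": "drop@hotmail.example", "keep_copy": False},
    ],
}

def domain(addr):
    """Lower-cased domain part of an email address."""
    return addr.rsplit("@", 1)[-1].lower()

def audit_mailbox(account, settings, trusted_domains=()):
    """Return (severity, message) findings for hijack persistence indicators."""
    own = {domain(account), *(d.lower() for d in trusted_domains)}
    findings = []
    reply_to = settings.get("reply_to")
    if reply_to and reply_to.lower() != account.lower():
        sev = "high" if domain(reply_to) not in own else "medium"
        findings.append((sev, f"Reply-to {reply_to} differs from the account address"))
    for rule in settings.get("rules", []):
        name = rule.get("name", "")
        if rule.get("action") in ("forward", "redirect"):
            target = rule.get("target", "")
            if domain(target) not in own:
                findings.append(("high", f"rule {name!r} forwards to external {target}"))
            if not rule.get("keep_copy", True):
                findings.append(("high", f"rule {name!r} leaves no copy in the inbox"))
        # Names such as "(..)" are chosen to be overlooked in a rule list.
        if not re.search(r"[A-Za-z0-9]", name):
            findings.append(("medium", f"rule {name!r} has a punctuation-only name"))
    return findings

if __name__ == "__main__":
    for severity, message in audit_mailbox(ACCOUNT, SETTINGS):
        print(f"[{severity}] {message}")
```
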

It would have been infinitely worse had they hijacked a Microsoft, Dropbox or Google user, as those accounts also give access to stored data.

Remember this ploy. With a compromised password and no 2-factor authentication in place, a more subtle hacker who managed to control the account without being spotted could have used this technique to receive any emails intended for the victim for a longer period.

It is not a stretch of the imagination to see how this could have resulted in a severe data breach if it had been a compromised business user’s email, Microsoft.


Know your password strength, password best practices

  1. The password used by our customer appeared in a list of known security breaches.
  2. Use strong passwords. Longer passwords using special characters and symbols such as $%&* are better. Don’t ever use weak passwords. In this case, it was too simple.
  3. Reusing passwords: The client didn’t have unique passwords, and passwords had been reused across multiple sites.
  4. The customer had not strengthened their security by turning on 2-factor authentication.
  5. Passwords are not an effective deterrent, but an account with 2FA enabled will be secure against all but the most determined hackers.

As a result, other services using the breached password, including Facebook, Apple ID, and a Microsoft personal subscription, were also at risk of being hijacked by the hacker.

How To Create Secure Passwords and Increase Password Strength.

Hopefully, everyone now realises that password strength is related to complexity and length. Good habits and a few rules are enough to make a strong password, but passwords alone aren’t enough to secure accounts.

How good is my password? In isolation, the answer in almost all cases is not good enough.

Most passwords will take a few minutes to a few hours to crack using modern processing.

Without additional security, accounts using 16-character passwords will be cracked in a few hours, and because brute force is an automated process, it won’t get bored and go away.

See this article from the Daily Mail online to see exactly how quickly passwords are cracked.


I recommend Keeper Password Manager. Keeper creates secure passwords quickly.

The password checker monitors for compromised passwords and will let you know if your password has been reused.

This is usually the case early on when you first adopt a password manager, as Keeper has a really effective import function that pulls stored credentials from your browser.


Keeper will even notify you of data breaches if a credential belonging to you appears on a known compromised password list.

Monitoring for data breaches and credential theft is easy to implement and cost-effective.


We provide a monitoring service that checks our customers’ domains and reports on any data breaches containing sensitive customer information, such as compromised passwords.

Why Is Strong Password Security Important?

Password Security is the first link in the security chain we create to protect our digital lives.

Other Ways To Protect Yourself Online

Heimdal database of known bad Internet websites protects your browser

We create a layered approach to security, starting with educating the client on what constitutes a strong password.

How good is my password?

Use a complex password at least 12 characters long, though 14 or more is better, combining uppercase letters, lowercase letters, numbers, and symbols.

Don’t use a word that can be found in a dictionary or the name of a person, character, product, or organisation; don’t use the same password for multiple online accounts.
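The rules above, together with the earlier points about breach lists and reuse, can be turned into a single check. This is an added example, not code from the article or from any product it mentions; the breach set, the word list and the `check_password` helper are small constructed stand-ins for a real breach corpus and dictionary.

```python
import hashlib
import re

# Constructed stand-ins: a real check would use a breach corpus and a full wordlist.
# SHA-1 is used here only as a lookup key for matching, not for storing passwords.
BREACHED_SHA1 = {hashlib.sha1(p.encode()).hexdigest() for p in ("123456", "Summer2019!")}
DICTIONARY = {"password", "summer", "dragon", "welcome"}

CLASSES = {
    "uppercase": r"[A-Z]",
    "lowercase": r"[a-z]",
    "digit": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}

def check_password(candidate, used_elsewhere=()):
    """Return the list of rules the candidate breaks (empty list means it passes)."""
    problems = []
    if len(candidate) < 12:
        problems.append("shorter than 12 characters")
    missing = [name for name, pat in CLASSES.items() if not re.search(pat, candidate)]
    if missing:
        problems.append("missing " + ", ".join(missing))
    # Strip digits and symbols so "Dragon!2024" is still recognised as a dictionary word.
    core = re.sub(r"[^a-z]", "", candidate.lower())
    if core in DICTIONARY:
        problems.append("based on a dictionary word")
    if hashlib.sha1(candidate.encode()).hexdigest() in BREACHED_SHA1:
        problems.append("appears in a known breach list")
    if candidate in used_elsewhere:
        problems.append("already used on another account")
    return problems

if __name__ == "__main__":
    for pw in ("123456", "Dragon!2024", "vK9#qTz!r2Lm@8Wd"):
        print(repr(pw), check_password(pw) or "passes")
```
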

When browsing the Internet, it is vital to recognise risky situations and practices, but we are all fallible.

Hence, we implement technical solutions such as Heimdal’s web filtering solution and Conceal Browse that intervene if we accidentally visit a dangerous website.

The Impact of Stolen Passwords.

Stolen passwords are the most common cause of account compromise. Compromised accounts are often used in phishing campaigns and to send spam.