How to improve your online safety in 2021. Last year has been a wreck for most of us, and even though there’s light at the end of the tunnel due to successful Covid-19 vaccines, it will still take time, and there’s a lot to be done. This means that plenty of people will still have to stay at home to remain safe.
Quarantine proved to be a challenging task with numerous unexpected problems, and one of them is cybersecurity. Since so many people started working from home, it came to light that personal device safety and home computer network security is of utmost importance. Hackers started targeting unprotected networks. It was revealed that many people lack adequate cybersecurity measurements, and, for example, use easy-to-guess passwords instead of impossible to crack ones.
We’ve written some tips on how to secure your devices, but in this article, we’d like to draw your attention to the problem of password management. We’ll start with some statistics and later advice on protecting your passwords and improving your online safety!
How did the quarantine affect cybersecurity?
Cybersecurity was one of the issues that nobody thought of when the quarantine began. However, soon into the first months of the lockdown, cybersecurity experts noticed an increase in cybercrime. Hackers exploited two things: the fact that people started working from home; and Covid-19 stress factor to launch a new set of scams.
According to statistics gathered by ZDNet, email scams, or the so-called phishing, increased by 667%, and there are billions of newly created Covid-19 web pages that are nothing more but malware-infested scams. Cybercriminals are successfully exploiting the psychological factor and fear-mongering because it’s tough to resist opening an email regarding personal health. And if there’s an attachment saying it has essential information about the spread of Covid-19 in your location, a lot of people will open that out of fear of missing out something important.
Last year in March Ursula von der Leyen, the European Commission president, also stated that there’s a significant increase in cybercrime all across the region. Hackers are using the fact that people are spending more time online for their advantage. It’s crucial to take some action, because what could be worse than falling victim to a cyberattack when the quarantine has already made life very hard.
What’s important to understand is that when you’re working from the office, the network you’re connected to is appropriately secured. It has a strong firewall to filter incoming and outgoing traffic and block suspicious elements. There’s a systems administrator that knows how to handle network and security, tons of applications that identify and neutralize malware, and so on. All of this is gone when you start working from home, and it is our responsibility to secure ourselves online.
One of the issues is password management. According to research by PCMag, the most common passwords in 2020 include “123456”, “password”, “qwerty”, and other extremely easy to guess ones. And it’s a massive problem because nowadays people use many applications that they pay for, and hackers can steal those accounts if they guess the password, which is not that hard when it’s “123456”. In other words, people are paying salaries to cybercriminals by granting them access to their accounts, which draws even more people to cybercrime.
But guessing the password is not the only way to steal a personal account. To make this task easier and automate it, hackers developed credential stuffing cyberattack, exploiting data-leaks, weak and reused passwords. This attack is straightforward to execute and can cause financial damages and also increase during the quarantine, so let’s look deeper at what it is and what can be done to defend against it.
What is Credential stuffing cyberattack?
Credential stuffing is a cyberattack that has been around for nearly a decade and is used to steal people’s online accounts. It’s an easy-to-execute cybercrime with relatively high returns, and that’s why so many young cyber criminals do it – it’s an easy grab.
It works by exploiting weak and reused passwords that were exposed during some data-leak, and there’s an abundance of those. Billions of e-mail-password combinations are being sold on Dark Web alongside software required to launch a Credential stuffing attack. All of this can be obtained for a low price, that frequently doesn’t even reach a hundred dollars.
First of all, a hacker obtains a data-set of leaked emails and passwords – usually buys it in illegal Dark Web markets. Then he uses automatization software that takes these combinations and tries it on a different service. For example, Armor games, a popular video games website, had a big data leak several years ago, and if you used the same email and password to register both on Armor games and, for example, Netflix, a hacker could steal your account.
The problem is that a lot of people reuse their passwords. It’s nearly impossible to remember a long and complex password for every single account, but that’s what’s necessary to stay safe online these days. If you’re not convinced, you can read about a Disney+ credential stuffing attack, and how many people lost their accounts due to reused passwords and had to pay again.
As you can see, the attack itself is sort of trivial, but that’s why it’s effective. Luckily, there’s an easy way to defend your accounts against it – a password manager.
How to manage your passwords
As stated before, it’s impossible to remember many complex passwords by heart. That’s why cybersecurity experts developed password managers, computer software that allows you to do just that. Moreover, advanced encryption algorithms ensure that your passwords aren’t exposed to anyone else, only to the person holding the decryption key – which is you!
Good password managers usually come in with a password generator, which you can use to generate long passwords with upper and lower case letters, numbers, and symbols. Then it stores all of these passwords for each account in an encrypted vault, accessible only to you. When you want to login to your account, you won’t have to input anything by hand anymore, and it will autofill the username-password combination for you, saving you some time!
So not only will it protect your online valuables, but also make your browsing experience more comfortable. And when it comes to Credential stuffing attacks, they all rely on the fact that the same password has been used twice or more. And by using a password manager, you can have as many passwords as you like.
So don’t give a hacker your beer-money, and don’t let your accounts be stolen because you used the same weak password more than once!