Digital Downshifting or Top 5 Ways to Get Hacked

Tired of your privacy? Fed up with your sensitive data? Too much money on your credit card? Want to try out some sort of digital downshifting? We can help you. Here's ten tips on how you can help hackers crack your accounts.

1. Use a popular password.

Yes, it's as easy as that. You won't believe how many people think it's terribly witty to use the word 'password' as their password or how many folks are too lazy to think up a better character combination than '123456' or 'qwerty'. We have already explained in one of our articles that modern hackers do not really try to hack your passwords anymore and rather just steal them; but when they do, the chances that they brute-force yours grow exponentially if you're using one of the popular combinations.

SplashData, an app developer specializing in password managing solutions, has recently published a list of 25 most popular passwords in 2012. The list is based on the hacked account data that dudes like Anonymous and the like regularly publish on the Web:

  • 1. password (Unchanged)
  • 2. 123456 (Unchanged)
  • 3. 12345678 (Unchanged)
  • 4. abc123 (Up 1)
  • 5. qwerty (Down 1)
  • 6. monkey (Unchanged)
  • 7. letmein (Up 1)
  • 8. dragon (Up 2)
  • 9. 111111 (Up 3)
  • 10. baseball (Up 1)
  • 11. iloveyou (Up 2)
  • 12. trustno1 (Down 3)
  • 13. 1234567 (Down 6)
  • 14. sunshine (Up 1)
  • 15. master (Down 1)
  • 16. 123123 (Up 4)
  • 17. welcome (New)
  • 18. shadow (Up 1)
  • 19. ashley (Down 3)
  • 20. football (Up 5)
  • 21. jesus (New)
  • 22. michael (Up 2)
  • 23. ninja (New)
  • 24. mustang (New)
  • 25. password1 (New)

Apart from far-reaching (and mostly sad) anthropologic and sociologic conclusions that you can draw from the list, it won't take you long to figure out these 25 short character sequences account for possibly more than 50% of passwords. It means that if someone wants to hack your account, the first thing they'll do will be to try the entries from this list.

2. Use one password for all accounts

That's pure logic. It's always easier to break open one lock than fifty of them. It's always easier to crack one password than sixty of them. If you have N accounts, an attacker can crack each of them in X minutes, and you have separate passwords for each of them, it will take the hackers X*N minutes to get to all your accounts. If you use only one password, the time is reduced down to X minutes. If you use one of the most popular passwords I have mentioned above, then X=0.01.

Dont Forget to Use Different PasswordsDon’t Forget to Use Different Passwords

3. Use a desktop-based password manager

You can do whatever you want, you can say whatever you want, but there is not a single chance you'll convince me that the programs on your desktop (read: desktop/laptop/smartphone/tablet) can be protected better than a remote server. Honestly, look at the pricing for home security software and compare it with the pricing for corresponding enterprise versions. I daresay there is a difference between them and this difference is not that small. Ergo, no matter how well your computer seems to be protected with legions of Kasperkys and Aviras and whatnot, the probability of you being hacked is still orders of magnitude higher than the probability that some decently protected server falls victim to hackers.

Now look what happens when you use a desktop-based password manager. You take all your passwords, literally all of them, and gather them in one very thinly protected place. To use a metaphor, you withdraw all your money from your bank accounts and stack it behind a quarter-inch-thick cardboard door. Now, if somebody wants to appropriate your dough, they only have to bring along a cardboard knife instead of robbing all your banks with rifles and the police on their tail and years in gaol, and all the trimmings. So, if you're really determined to wave goodbye to your sensitive data, a desktop-based password manager would be the best choice.

4. Use Facebook

Facebook has made it hilariously easy to get hold of your e-mail address. For example, Bogomil Shopov, a Bulgarian blogger, was able to buy personal Facebook data of 1.1 million users for as much as... $5.5. Madre de Dios, 1.1 million users for 5.5 dollars! Assuming that the user numbers of one billion accounts as of this October are true, theoretically you can purchase the personal data of all Facebook users for $5000. Things that are won hard do not come for such a measly price.

Bogomil Shopov Bought Personal Data of 5.5 Million Facebook Users for $5.5Bogomil Shopov Bought Personal Data of 5.5 Million Facebook Users for $5.5

What does it effectively mean for us, digital downshifters? It means that some malicious hackers can get our e-mail address in approximately null-point-nothing seconds. Combine it with the dead-easy-to-crack passwords like 'iloveyou' or 'letmein' and our one-password policy, and we can bring the crack times for all of our accounts to as low as several minutes. Yea!

5. Use Wrong Security Questions

Imagine you've chosen a security question like 'What's your favorite film?'. Statistically, the number of people who would say 'The Avengers' or 'The Shawshank Redemption' will be way higher than that of people liking 'Ran' by Kurosawa. It means that trying 'The Shawshank Redemption' has more chances to be a right guess.

Now imagine that you've chosen your Mom's maiden name as the security question. Now, if someone decides to crack your account of all, they may take the trouble to search for this name, and you may be sure that most often it's not even that hard to find out.

In other words, picking an easy-to-answer security question is the final touch to your making your privacy non-existent.

We hope that now, armed with that advice, you will finally be able to indulge in digital downshifting and make all your passwords and sensitive data publicly available on another Anonymous site.

Picture Credit: playstationhq.de, virang-a.blogspot.com.

Comments

0 comments
You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <em> <i> <q cite=""> <s> <strike> <strong>