In late 2017, the security monitoring team at 4iQ made a stunning discovery while investigating the Dark Web. Somebody (or a group of people) had uploaded a vast database of 1.4 billion User IDs and passwords. Every record was presented unencrypted, in clear text format.
So anyone with access to Tor could download accurate login details for people across the world as well as passwords related to all sorts of popular sites, from Hotmail to LinkedIn.
These disclosures demonstrate the existence of a huge industry involved in hacking, storing and distributing passwords. And the scale of the operation suggests that nobody is safe from password hacking. So what can you do to make your credentials as secure as possible?
Certainly there are plenty of things to bear in mind if you want to keep your passwords well clear of the Dark Web archives in future. Here we give our eight top tips.
1. Changing passwords regularly is one of the best defenses
One of the most disturbing revelations from the 2017 password dump was how often passwords are reused. Researchers found examples of passwords being reused multiple times across different websites, opening up users to extremely damaging identity theft attacks.
If you want to minimize the chances of being devastated by a future password dumping episode, be sure to change your passwords on a regular basis, and use unique passwords that are difficult to guess.
2. Stay informed about password hacking news
Keeping an eye on cyber-security news is another sensible habit to develop. When password hacks are detected, they don’t always make headline news, and you won’t always be notified by companies when they fall victim to hackers.
Signing up for updates from tech news sources like TechCrunch and the Register can help, while sites like HaveIBeenPwned provide a handy way to search databases of email addresses that are known to have been hacked.
And when major disclosures like the 2017 Dark Web story emerge, be sure to do whatever you can to secure your account. Too many people take password security for granted, assuming that their details are safe. But you simply can’t be sure, and taking precautions is definitely the wisest course of action.
3. Be extra-careful when using your email account
Hackers often acquire user details via email phishing. By sending emails with malicious attachments, they can implant malware on target computers that harvests personal data. Or they might try to lure you onto a fake website which encourages users to enter sensitive information.
In either case, it’s vital to be very careful when opening emails, even if they seem to come from a close friend. Phishers are highly skilled at masking their intentions, and their emails often look like the real thing (such as invoices from Amazon).
However, if you check the actual email address, there will usually be discrepancies which give phishers away. And remember: reputable companies won’t ask for “access to your computer” or personal details via unsolicited emails. So just be cautious. Anyone can become a phishing victim, even hardened cybersecurity professionals.
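The sender check described above can be automated. This added example (not part of the original article) compares the brand claimed in the display name with the domain in the actual address and flags a Reply-To that points elsewhere. The `BRAND_DOMAINS` mapping and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list of brands and the domains they really send from (illustrative).
BRAND_DOMAINS = {
    "amazon": {"amazon.com", "amazon.co.uk"},
    "paypal": {"paypal.com"},
}


def domain_allowed(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def sender_discrepancies(raw_message):
    """Return a list of reasons the sender looks inconsistent (empty = none found)."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return ["From header has no usable address"]
    domain = addr.rsplit("@", 1)[1].lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in name.lower() and not domain_allowed(domain, allowed):
            findings.append(f"display name mentions {brand!r} but address is at {domain}")
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if "@" in reply_addr and reply_addr.rsplit("@", 1)[1].lower() != domain:
        findings.append("Reply-To domain differs from From domain")
    return findings


# Constructed sample messages.
PHISH = ("From: Amazon Billing <billing@amaz0n-invoices.example>\n"
         "Reply-To: help@collect.example\nSubject: Your invoice\n\nSee attachment.\n")
LEGIT = "From: Amazon <auto-confirm@amazon.com>\nSubject: Your order\n\nThanks.\n"

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, sender_discrepancies(raw))
```

An empty result only means these two checks passed; it does not prove a message is genuine.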
4. Take steps to evade the attention of keyloggers
Keyloggers are a type of malware which works by recording every keystroke made by users, before sending this information to hackers. It’s an effective way to harvest passwords (and plenty of other useful details), but there are ways to neutralize these nuisances.
One measure you can take is to download and install a virtual keyboard. These apps bypass your keyboard, using an on-screen interface instead. Because the keys aren’t involved, virtual keyboards can render keyloggers useless. But they don’t work in all cases.
To really make the most of these tools, you’ll also need a watertight antivirus package. In fact, this is fundamental if you’re serious about protecting your passwords. So don’t skimp and opt for cheap alternatives. Opt for industry-leading antivirus software from companies like Norton, Kaspersky or Bitdefender.
5. Don’t mess around with your Firewall settings
Windows Firewall offers an effective barrier between your computer and a whole host of online nasties. However, it’s surprising how often users switch the firewall function off, leaving themselves open to a variety of attacks.
If your connection speeds are slow, don’t automatically blame your firewall. Dispensing with its protection should be a last resort, and it’s easy to forget that you have disabled it.
6. Learn how to sandbox .exe files
Sometimes, you might need to run a .exe (program) file, but know very little about the source. In those cases, it pays to be very cautious, as it’s all too easy to implant malware on your system inadvertently. And that can even happen with applications that are perfectly legitimate.
In situations like that, help is at hand. Apps like Sandboxie allow you to isolate .exe files when they are downloaded, so they are prevented from making changes to your system. You can even sandbox your email accounts, making it easier to manage attachments.
7. Start using a password manager
Most of us have to juggle a range of passwords for the accounts we use and, let’s face it, doing so is both inconvenient and dangerous. Often, we simply get lazy. Instead of using strong passwords, we revert to closely related phrases or words which are probably pretty easy to guess.
That’s where password managers come in handy. Tools like LastPass are invaluable if you manage a mountain of online accounts. They automatically store usernames and passwords on the sites you use, filling them in when required.
8. Install a high-quality VPN
Finally, it’s definitely a good idea to invest in the extra layer of protection provided by a reliable VPN (Virtual Private Network). These tools create encrypted “tunnels” between your system and websites, while also anonymizing your IP address.
Both features make it harder for hackers to penetrate your accounts with malware like keyloggers. VPNs are also essential when using unsecured wi-fi networks, which are incredibly vulnerable to cyber-criminals.
Added together, all of these ideas should minimize your exposure to password hacking in the future. As usual with online security, you can’t totally remove the risk, and you certainly shouldn’t become complacent. But if you take precautions, you’ll have a much better chance of keeping your details secure.