Password Threats

 Possible Vulnerabilities arePassword

  • The passwords could be shared with other persons and might be misused.                                                                  
  • The passwords can be forgotten.
  • The Stolen passwords can be used by unauthorized user and may collect your personal information.

Various Techniques used by hackers to retrieve Passwords

Shoulder Surfing

One way of stealing the password is standing behind an individual and over look their password while they are typing it (Shoulder Surfing) .Shoulder Surfing is a direct observation technique, such as looking over someone's shoulder, to get passwords, PINs, other sensitive personal information and even listen in on your conversation if you give your credit-card number over the phone.
Shoulder surfing is easily done in crowded places. It’s comparatively easy to stand next to someone and watch as they fill out a form, enter a PIN number at an ATM machine, or use a calling card at a public pay phone. It can also be done long distance with the help of binoculars or other vision-enhancing devices.Your confidential information will be at risk if your passwords are observed by Shoulder Surfers. They can use your password information for logging into your account and they may do harm to your information.

How to prevent it?

  • Be aware of Shoulder Surfers at public places or schools while you are  entering your passwords into the login accounts. 
  • Do not reveal your passwords in front of others or type your usernames and passwords before the unauthorized persons.
  • Cover the keyboard with paper or hand or something else from viewed by unauthorized users.    

Writing your passwords on the papers or storing it on hard disk

The strangers search for the papers or the disk for passwords where they have been written.

tip2.png You should not write the passwords on the paper or on any disk drive to store it.  Explain them that brain is the best place to store them

Bruteforce attacks

Another way of stealing the password is through guess. Hackers try all the possible combinations with the help of personal information of an individual. They will try with the persons name, pet name (nick name), numbers (date of birth, phone numbers), school name…etc. When there are large number of combinations of passwords the hackers uses fast processors and some software tools to crack the password. This method of cracking password is known as "Brute force attack". 

tip2.png You should not use a password that represents their personal information like nicknames, phone numbers, date of birth etc.

Dictionary attacks

Hackers also try with all possible dictionary words to crack your password with the help of some software tools. This is called a "Dictionary attack".

tip2.png You should not  use dictionary words (like animal, plants, birds or meanings) while creating the passwords for login accounts.

Sharing your passwords with strangers

Sharing the passwords with the unknown persons (strangers) may also lead to loss of your personal information. They can use your login information and can get the access to your information. The operating system does not know who is logging into the system, it will just allow any person who enters the credential information into the login page. The persons like strangers after getting access to your information they can do any thing with it. They can copy, modify or delete it.

tip2.png You must not  share passwords with unknown persons (strangers)

Using weak Passwords or blank passwords 

Weak and blank passwords are one of the easiest ways to attackers to crack into your system. 

tip2.png Always you need  to “Use Strong Passwords”

Address

Centre for Development of Advanced Computing, (C-DAC)
Plot No. 6 & 7, Hardware Park, Sy No. 1/1, Srisailam Highway, Pahadi Shareef Via Keshavagiri (Post) Hyderabad - 500005

Phone

Phone: 040-23737124/25
Mobile: 040-23737124/25

TollFree

1800 425 6235

Email Address

isea[at]cdac[dot]in