Generally, access to a computer is protected by login name and password. For hackers usually, it becomes so easy to find out a password for given computer. There are many repeated usernames and passwords which is being used commonly by people. Google can find the system logs and may be visible on the internet.
Cybercriminals are targeting password managers by using the Citadel Trojan to access master passwords. According to a study of 2014 worst passwords are 12345, 12345678, qwerty, 1234567890, 1234, baseball, dragon and football. Designed to securely password manager software is now becoming a target for cybercriminals.
By brute force hackers tries to find password combinations until they get in. They find a combination which works then they get access to the server. It becomes successful when people use passwords like ‘123456' and usernames like ‘admin.' with short numerical passwords websites are starting to enforce stronger password policies.
How to Fix Them
If you find out any password in a list, as soon as possible change it. Take an advice from Microsoft MVP before creating a new password. This will protect your password that no one will have any idea of it.
Many time, creating a unique password for many websites is so difficult to remember it. Then either uses a password manager or consider adopting a password -alternative biometric products. Stop using same username/password combo across multiple sites.
In CES 2014, various respondents and companies were adopting biometrics to replace passwords.
Here is some advice for making passwords more secure:
- Try to make a password with eight characters or more and mixed type of character.
- Passwords like “Dr4mat1c” can be vulnerable to attackers.
- Passwords of random words combination like “j%7K&yPx$” can be difficult to remember. So easy method to recall passwords is to use passphrases – words with spaces or special characters. Like “do_it_by_your_hand”.
- Strong passwords must meet the minimum length. A secure password should include upper and lower case letters, number. A password should not comprise user's name or mailbox name.