Good time!
Do you know that in almost 20-25% of cases of hacking mail, social pages. networks (etc.) - are the users themselves to blame? Well, imagine, a person sets the date of his birth as a password to his e-mail (which is known to everyone who goes to see his page on the social network, and can also assess the level of his income).
Then there is a simple brute force method, and voila, the attacker gained access to mail (and using e-mail, he gained access to a dozen more services where the person was registered; to personal correspondence; possibly even to electronic money). It would seem trivial, but this happens all the time ...
So, in this small informational reference article I will give some tips that were inspired by this topic. Think security is never superfluous?
So...
*
Strong password
Brief educational program
- the password contains letters of different registers (note: "X", "k");
- numbers and specials are also used. symbols ("!", "~");
- no coincidences with the last name, first name, date of birth of you and your friends, relatives;
- it is at least 8 characters long. It is almost impossible to guess such a password by brute-force method (at least it will take more than 1 year, and hardly anyone will dare to do it);
Perhaps this is the very minimum that guarantees some kind of protection. Of course, this password is not very convenient to enter, but is it not so often necessary to do it? (modern browsers remember the entered passwords and then substitute them into the form on their own)
In addition, now in many services there is such a function as two factor authentication(recommended to include) ... Most often, your phone is used, in addition to the password, you will need to enter a small code (it is different every time) sent to you by SMS, in messengers by a bot (Viber, Telegram), etc.
A few examples.
Reliable:
- "HgFSbcvgSkO8! #Kd";
- "NDHllsMkSHjMNG34!";
- "Bdg ~! JuG? A; +".
Hopelessly:
- "120592";
- "123456";
- "Ivanova88".
The most common mistakes are:
- use the dates of birth (yours and your relatives, friends). Hope you can understand what is special. scripts can find this information in a few seconds on your social media page. networks and try them all by brute-force?
- use first and last names (this is generally the most popular mistake). Many people believe that if they write their (or their loved ones) surname in the Latin alphabet, then this is reliable. Disappointingly, the same scripts will easily and quickly declare your publicly available data (in different languages, adding the date of birth to them);
- using a phone number as a password is also ridiculous. Firstly, all your friends know it, secondly, many people also have it in the public domain, and thirdly, there is a special one. lists of numbers for certain regions.
- nicknames of your pets, favorite football player or sport, name of the game, cars, etc. All this is also easily guessed by the brute force method.
Pay attention to the table below, it contains the most popular passwords - some top 50 (although it is relevant for foreign users). As you can imagine, there are similar signs for the Russian audience, and not the top 50, but the top 2000 (for example).
50 of the most popular and at the same time ridiculous passwords
And if you think so, then the attacker only needs to take such a table, plus use various combinations of the victim's birth / surname, first name, patronymic / phone number and check them. To iterate over 5000-20000 combinations using automatic scripts - there is nothing to do. And, unfortunately, every 6-8th account will be hacked (based on statistics).
*
Add-ons are welcome ...
All the best!
