This may sound obvious, but many, many people and organizations use default passwords on their networked devices. Please do not do this! As soon as you have a device connected to a network, change the password. Bad actors, of all kinds, know these passwords. They keep them in files they call dictionaries, which are ready to deploy in a password-cracking attempt.
So…do not use default passwords!
Now, another plea I have for everyone with regard to passwords: use a different password for every account you have. Yes, I understand that this is a total pain in the (name a body part). That can't be helped. If you want to make your accounts less likely to be hacked, you need to have significantly different passwords for each account.
Let me explain why. The bad actors know that humans are innately lazy and love the idea of reusing passwords. What they do is brute-force your accounts. Brute force is the term for trying every single possible combination. It is time consuming, but they write programs to run through all the combinations. With today's processing speeds, it does not take them long to test every possibility within a limited scope (e.g. an 8-character password).
For example, let’s say Jane User has a Hotmail email account, janeuser@hotmail.com. Bad actors know that most people have multiple email accounts. They look up all of her email addresses on any and every email service. Then they start trying to find the password for Jane User’s accounts. As soon as they find a successful password for one of the accounts, they try that same password on all the other accounts to see if it works. If Jane User has reused a password from one email account on another account, they are in.
Remember that dictionary I mentioned earlier? Not only are default device passwords in it, but popular passwords are also in it. Passwords like princess123, qwerty123, and password are included in this dictionary. Once a password has been found to work on one account, it is added to the dictionary to use on other accounts later. This method is known as a dictionary attack.
Accounts that limit the number of consecutive failed log-ins or that require multi-factor authentication help cut down on this. Any account without these mechanisms is still vulnerable to brute force and dictionary attacks.
Do I have to convince you not to reuse your old passwords?
Is your password so popular that it’s in a hacker dictionary? Take a look at the most popular passwords of 2023: https://cybernews.com/best-password-managers/most-common-passwords/
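A self-audit for the habits described above, as an added example that is not part of the original post: it flags accounts whose password is on a dictionary-style blocklist, accounts that share an identical password, and accounts whose passwords are not "significantly different" (the same word with different digits or symbols). The blocklist entries beyond the three passwords named in the post, the account names, and the sample passwords are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed blocklist: the three popular passwords named in the post plus
# two stand-in device defaults (assumed here for illustration).
BLOCKLIST = {"princess123", "qwerty123", "password", "admin", "changeme"}
LEET = str.maketrans({"@": "a", "0": "o", "3": "e", "$": "s", "1": "i"})

def stem(password):
    """Lowercase, drop leading/trailing digits and symbols, undo common
    character substitutions, so 'P@ssw0rd1' and 'password' compare equal."""
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())
    return core.translate(LEET)

BLOCKED_STEMS = {stem(p) for p in BLOCKLIST}

def audit(accounts):
    """accounts maps account name -> password. Returns three findings:
    blocklisted accounts, groups sharing an identical password, and groups
    whose passwords differ only by decoration (same stem)."""
    by_exact, by_stem = defaultdict(list), defaultdict(list)
    for name, pw in accounts.items():
        by_exact[pw].append(name)
        by_stem[stem(pw)].append(name)
    blocklisted = sorted(n for n, pw in accounts.items()
                         if stem(pw) in BLOCKED_STEMS)
    reused = sorted(sorted(g) for g in by_exact.values() if len(g) > 1)
    similar = sorted(sorted(g) for s, g in by_stem.items()
                     if s and len(g) > 1
                     and len({accounts[n] for n in g}) > 1)
    return {"blocklisted": blocklisted, "reused": reused, "similar": similar}

# Constructed sample data, not real credentials.
SAMPLE = {
    "hotmail": "Sunflower!82",
    "gmail": "Sunflower!82",
    "bank": "sunflower2023",
    "router": "admin",
    "forum": "P@ssw0rd1",
    "work": "t7#Vq9-mLx2&hR",
}

if __name__ == "__main__":
    for finding, items in audit(SAMPLE).items():
        print(finding, items)
```

Any account that shows up under "reused" or "similar" falls to the same guess as its neighbours, which is exactly the reuse scenario in the Jane User example.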