Every year, on the first Thursday of May, World Password Day is celebrated, which in this 2021 of widespread remote working becomes even more relevant. Many users are under the false belief that a cybercriminal has no reason to have any interest in their person or their computer. For this reason, Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, wants to remember the importance of cybersecurity education and the effective use of passwords on this day.
The increase in remote working significantly increases the potential for security breaches in a company, and it is for this reason that the robustness and strength of passwords are more important than ever. Passwords continue to be the most widely used system to keep personal data safe or to allow access to a service, both personally and professionally, and therefore a clear target for cybercriminals. Check Point Software wants to warn about the main tactics used to steal passwords and provide the necessary advice to prevent any person or company from becoming a victim:
- Phishing attack: This methodology has become one of the most widely used tools for stealing passwords and usernames. It works in a simple way: sending an email that appears to come from trusted sources (such as banks, energy companies, etc.) but which, in reality, aims to manipulate the recipient in order to steal confidential information. In this case, one of the best recommendations is to choose to enable two-step authentication. This extra layer of security prompts the user to enter a second password, which usually receives via SMS. In this way, access to an account is prevented even if they have prior information about their credentials.
- Brute-force or dictionary hacking: This type of cyber-attack involves trying to crack a password by repetition. The cybercriminals try different combinations at random, combining names, letters and numbers, until they come up with the right pattern. To prevent them from achieving their goal, it is essential to implement a complicated password to make it difficult for them. To do this, it is necessary to leave out names, dates or very common words. Instead, it is best to create a unique password of at least eight characters that combines letters (both upper and lower case), numbers and symbols.
- Keyloggers: These programmes are capable of recording every keystroke made on a computer and even what you see on the screen, and then sending all the recorded information (including passwords) to an external server. These cyber-attacks are usually part of some kind of malware already present on the computer. The worst thing about these attacks is that many people tend to use the same password and user for different accounts, and once one is breached, the cybercriminal gains access to all those who have the same password. To stop them, it is essential to use a single option for each of the different profiles. To do this, a password manager can be used, which allows both managing and generating different robust access combinations for each service based on the guidelines decided upon.
“When it comes to guaranteeing the highest level of cybersecurity, it is just as important to have the most advanced technologies as it is to prevent risks such as password theft,” said Evan Dumas, Regional Director, Southeast Asia and Korea, at Check Point Software Technologies. “Both phishing and keyloggers are two types of attacks that are used on hundreds of devices. This risk can be easily remedied by configuring varied and robust combinations of at least eight characters interspersed with letters, symbols and punctuation marks. In this way, cybercriminals will find it much more difficult to get hold of the passwords and we will ensure the highest level of security on our computers”.