This summer a large number of passwords were stolen from various email and storage services. How does this happen, and how can you protect yourself against data loss when using public networks?
How email password leaks occur
From the viewpoint of information security, a password leak can have three main causes:
1. Theft of the password database from the e-mail server.
2. Malicious software on the user's computer, for example, viruses or remote monitoring software.
3. Abuse of the password recovery process to steal the password.
The most popular theft method
At first sight, the most obvious way passwords leak is when the password database is stolen from the e-mail server, for example, by employees who maintain the organization's server, or by exploiting software vulnerabilities on the e-mail server. However, it is often not that easy. If an organization cares about information security, passwords are not stored in plaintext. They are protected or, to be more specific, the database stores only a hash of each password. In this case, the passwords are transformed in a way that makes them impossible to restore. When a user enters the password for his/her mailbox, the hash function is recalculated, and the result is compared with the value stored in the database. However, after stealing the database of hashes, the attacker can still crack some accounts. To do this, he takes a list containing the most common passwords (something like "12345", "qwerty", or other sequences of characters on the keyboard; about a few hundred thousand passwords) and calculates their hash values. By comparing the results with the database, the attacker finds accounts with matching hash values. As a result, he gains access to all accounts whose passwords were in the list. Although a variety of protection methods have been developed against such password guessing, it still remains relevant. Summarizing, we reach the following conclusions:
1. Stealing the database only allows attackers to compromise accounts with easy passwords (i.e., those that an attacker is able to guess) or short passwords (i.e., those that can be guessed using raw processing power).
2. If a user has a long enough password, composed of unique characters, he doesn't need to worry about database theft.
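The stored-hash comparison and the common-password check described above can be run as a defensive audit of your own password table. This is an added example, not code from the original article; the account names, passwords, word list and PBKDF2 parameters are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: accounts and passwords are invented for this example.
COMMON_PASSWORDS = ["12345", "qwerty", "password", "111111"]
USERS = {"alice": "qwerty", "bob": "12345", "carol": "mV7#tq9!Lx2@ReW4zKp"}


def fast_hash(password):
    """Unsalted SHA-256: equal passwords always produce equal stored values."""
    return hashlib.sha256(password.encode()).digest()


def salted_hash(password, salt=None):
    """Per-user random salt plus a deliberately slow function (PBKDF2)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


def verify_salted(password, record):
    """Login check: recompute the hash with the stored salt, then compare."""
    salt, stored = record
    return hmac.compare_digest(salted_hash(password, salt)[1], stored)


def audit_precomputed(digests, wordlist):
    """Accounts whose stored digest equals the plain hash of a listed password."""
    precomputed = {fast_hash(word) for word in wordlist}
    return sorted(user for user, d in digests.items() if d in precomputed)


def audit_per_user(table, wordlist):
    """Against salted records every guess has to be recomputed for every user."""
    return sorted(user for user, record in table.items()
                  if any(verify_salted(word, record) for word in wordlist))


unsalted_table = {user: fast_hash(pw) for user, pw in USERS.items()}
salted_table = {user: salted_hash(pw) for user, pw in USERS.items()}
salted_digests = {user: record[1] for user, record in salted_table.items()}

if __name__ == "__main__":
    print("unsalted, one lookup:", audit_precomputed(unsalted_table, COMMON_PASSWORDS))
    print("salted, same lookup:", audit_precomputed(salted_digests, COMMON_PASSWORDS))
    print("salted, per-user work:", audit_per_user(salted_table, COMMON_PASSWORDS))
```

Salting removes the single precomputed lookup, but the listed passwords are still found once each guess is recomputed per account; the long password matches in neither case.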
How can I tell whether a server or a community uses password encryption?
This is quite easy to check. You just need to request password recovery. If you receive your password in the reply message, it is stored in plaintext in the database. If the server instead requires you to change the password, then most likely the database stores hash values only.
That's not all
The second way to steal passwords comes down to using various kinds of malware (viruses, phishing sites, etc.) to capture users' passwords directly from their computers or as the passwords are entered on websites. The obvious ways to deal with this kind of theft are to be careful when working on the Internet and to use an anti-virus program. Another effective technique is to change the password every 3 months: attackers usually steal passwords for future use and do not use them immediately after the theft.
The third method of theft is associated with the process for recovering a forgotten password. This is the easiest way to steal a password from an acquaintance, for example, with the help of his cell phone that he left unattended on his office desk. There is no easy way to protect yourself against such theft. However, you should remember that password theft is most often accompanied by a password change, so if your password is suddenly changed without your request, most likely it was stolen.
Hacked Apple iCloud and Google Gmail accounts
Representatives of these companies stated that the hackers had used the second method, so in essence the breach occurred due to the negligence and inexperience of users. However, on the Internet you can also find the view that there was a database theft, pointing out that not all the passwords were compromised, but only the easy ones. Whatever happened in reality, it should be noted that the accounts of users who closely followed the security recommendations of email services (long passwords, regular changes, protection against viruses and phishing) stayed unhacked.