
Your password can be the easiest way to protect your accounts from cybercriminals, or the easiest way for them to steal your money. Image: Flickr/Mickphoto CC-BY-SA
You may have noticed that it’s not as easy to log into your online account at the bank or credit union as it used to be. New regulations to increase online account security have made online banking safer but less convenient. As a result, many people get lazy with their passwords, but at any moment a hacker somewhere in the world could be waiting to steal your account information and your money.
Security is worth a little inconvenience
Despite stepped-up efforts by financial institutions to defend online accounts from cybercriminals, online thieves stole about $559 million from personal and business accounts in 2009, more than twice the $268 million stolen the year before. Internet security firms deal with new attempts to circumvent account protection measures every day. One of the biggest threats to online banking is a class of malware called “banking trojans.” Banking trojans are malicious programs that run unseen on your computer and are customized to steal specific types of data. The most advanced banking trojans can drain your account while you’re logged in, and you won’t ever know it.
What a difference an asterisk makes
The best defense is often the one people are the least serious about: their password. The easiest way for a hacker to steal your password is with a “brute-force attack” using password-cracking applications bearing names such as “Cain and Abel,” “John the Ripper” and “THC Hydra.” A process described by Internet security expert John Pozadzides involves turning loose one of these password crackers on the server for your bank, online forums you participate in or e-commerce sites where you’ve shopped. The hacker gives the password cracker instructions to try hundreds of thousands of password and user name combinations. Once several pairings are found, the hackers go to those sites and test them. How long it takes to find those pairings depends on the password. Pozadzides said an eight-character password could take about 2.5 days for the password-cracking tool to solve. However, by simply adding one capital letter and an asterisk, the processing time grows to 2.5 centuries.
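The arithmetic behind estimates of this kind, as an added example that is not from the original article or from Pozadzides: the search space is the alphabet size raised to the password length, divided by the guess rate. The rate of one million guesses per second, the character classes and the sample passwords are assumptions made here, so the absolute figures differ from the ones quoted above; what carries over is how fast the time grows with each added character class.

```python
import string

# Assumption (not from the article): one million guesses per second.
GUESSES_PER_SECOND = 1_000_000

# Character classes an exhaustive search has to cover.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

# Constructed sample of well-known passwords; real word lists hold millions.
COMMON = {"password", "sunshine", "123456", "qwerty"}

UNITS = (("centuries", 3_155_760_000), ("years", 31_557_600),
         ("days", 86_400), ("hours", 3_600), ("minutes", 60), ("seconds", 1))


def pool_size(password):
    """Alphabet size: sum of every character class the password draws on."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def seconds_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length and alphabet."""
    return pool_size(password) ** len(password) / rate


def humanize(seconds):
    """Render a duration in the largest unit that gives a value >= 1."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return "under a second"


def estimate(password):
    """Word-list hits fall first, whatever the exhaustive-search figure says."""
    if password.lower() in COMMON:
        return "in word list: found almost immediately"
    return humanize(seconds_to_exhaust(password))


if __name__ == "__main__":
    # Constructed sample passwords, all eight characters long.
    for pw in ("sunshine", "kqzvbtmw", "Kqzvbtm*", "Kqzv8tm*"):
        print(f"{pw!r:12} pool={pool_size(pw):2}  {estimate(pw)}")
```

The figure is an upper bound for a random password only; a dictionary word or a password reused from another site is tried long before an exhaustive search reaches it.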
You’re more vulnerable than you think
If you’re like most people, you probably use the same password for various online accounts. But everyone should have a different user name and password combination for each account. The password you think may matter least, such as the one for personal email, could hurt you the most. A hacker’s strategy is to figure out your password for the most vulnerable account and then break into everything else. Something else to keep in mind is that if all your user names and passwords are stored unencrypted in the web browser cache on your home computer and you use a wireless router, you must change the default password on that device immediately. If you don’t, a hacker can park outside with a laptop, use a list of default passwords from various device manufacturers, breach your network and rob you blind.








