{"video_id":"S_i8EhJWQ48","title":"How Do Passwords Get Stolen?","channel":"Techquickie","show":"Techquickie","published_at":"2017-05-06T14:58:16Z","duration_s":331,"segments":[{"start_s":0.08,"end_s":8.8,"text":"odds are that the keys to your car or your house are never too far from your","speaker":null,"is_sponsor":0},{"start_s":5.92,"end_s":14.599,"text":"site since having them stolen would mean breaking a window to get back in or","speaker":null,"is_sponsor":0},{"start_s":10.719,"end_s":16.48,"text":"calling a lockout service at best or I","speaker":null,"is_sponsor":0},{"start_s":14.599,"end_s":20.199,"text":"guess there's the worst case scenario of having someone be able to go into your","speaker":null,"is_sponsor":0},{"start_s":18.56,"end_s":24.68,"text":"house rifle through all your stuff and drive off in your VW bus or whatever it","speaker":null,"is_sponsor":0},{"start_s":22.279,"end_s":30.039,"text":"is you use to get around fortunately keeping track of a single physical key","speaker":null,"is_sponsor":0},{"start_s":27.359,"end_s":34.8,"text":"or a few on a keychain isn't too hard hard but online passwords can be a","speaker":null,"is_sponsor":0},{"start_s":32.599,"end_s":39.559,"text":"little bit trickier to manage as the fact that many users have tons of them","speaker":null,"is_sponsor":0},{"start_s":37.44,"end_s":43.32,"text":"to keep track of and the fact that they're stored on a bunch of servers","speaker":null,"is_sponsor":0},{"start_s":41.2,"end_s":47.48,"text":"somewhere instead of being a physical thing you carry around in your pocket","speaker":null,"is_sponsor":0},{"start_s":45.12,"end_s":54.96,"text":"gives Mis creant more opportunities to pry into your online life but how","speaker":null,"is_sponsor":0},{"start_s":51.12,"end_s":58.32,"text":"exactly do passwords get stolen I mean","speaker":null,"is_sponsor":0},{"start_s":54.96,"end_s":61.079,"text":"they're supposed to be encrypted right","speaker":null,"is_sponsor":0},{"start_s":58.32,"end_s":67.28,"text":"well yes but you might be surprised to know that many times passwords aren't","speaker":null,"is_sponsor":0},{"start_s":63.92,"end_s":69.96,"text":"stolen by some crack group of cyber","speaker":null,"is_sponsor":0},{"start_s":67.28,"end_s":75.32,"text":"criminals using super fancy hacking techniques but are instead harvested","speaker":null,"is_sponsor":0},{"start_s":72.84,"end_s":80.96,"text":"through social engineering methods where the bad guys will straight up ask for","speaker":null,"is_sponsor":0},{"start_s":78.32,"end_s":85.72,"text":"someone else's password this usually takes the form of a fishing attempt","speaker":null,"is_sponsor":0},{"start_s":83.84,"end_s":92.28,"text":"where some Mal content will send you an email or a steam message that claims to","speaker":null,"is_sponsor":0},{"start_s":88.36,"end_s":93.759,"text":"be from your ISP or your bank or valve","speaker":null,"is_sponsor":0},{"start_s":92.28,"end_s":99.32,"text":"asking you to send your login credentials for some vague security","speaker":null,"is_sponsor":0},{"start_s":96.64,"end_s":104.439,"text":"related reason there's a similar concept too called tab napping where you will","speaker":null,"is_sponsor":0},{"start_s":101.96,"end_s":110.28,"text":"actually get redirected to a fake website that's built to look as much","speaker":null,"is_sponsor":0},{"start_s":107.119,"end_s":112.759,"text":"like the real thing as possible where","speaker":null,"is_sponsor":0},{"start_s":110.28,"end_s":117.92,"text":"you well enter your login information because the page looks official even if","speaker":null,"is_sponsor":0},{"start_s":116.039,"end_s":122.119,"text":"you're techsavvy or smart enough to realize what's going on when you see a","speaker":null,"is_sponsor":0},{"start_s":119.92,"end_s":128.16,"text":"fishing attempt it's actually still quite easy to inadvertently click links","speaker":null,"is_sponsor":0},{"start_s":125.119,"end_s":131.039,"text":"in scam emails or dodgy websites that","speaker":null,"is_sponsor":0},{"start_s":128.16,"end_s":136.28,"text":"install key loggers onto your system and send everything you type including","speaker":null,"is_sponsor":0},{"start_s":133.72,"end_s":142.319,"text":"passwords back to an attacker that's how I got nabbed key loggers don't require a","speaker":null,"is_sponsor":0},{"start_s":139.76,"end_s":148.2,"text":"whole lot of technical expertise to use making them a popular choice for amateur","speaker":null,"is_sponsor":0},{"start_s":144.879,"end_s":150.48,"text":"online thieves and then once someone","speaker":null,"is_sponsor":0},{"start_s":148.2,"end_s":155.599,"text":"unscrupulous has your usern name and password combo it's quite easy for them","speaker":null,"is_sponsor":0},{"start_s":153.4,"end_s":161.239,"text":"to use automated tools that will try your credentials on lots of different","speaker":null,"is_sponsor":0},{"start_s":158.36,"end_s":167.8,"text":"websites and since statistics have shown us that over half of all internet users","speaker":null,"is_sponsor":0},{"start_s":165.08,"end_s":172.2,"text":"reuse the same password on multiple sites there is a distinct possibility","speaker":null,"is_sponsor":0},{"start_s":170.28,"end_s":177.2,"text":"that if your password for one site is stolen your other accounts could be","speaker":null,"is_sponsor":0},{"start_s":174.44,"end_s":182.12,"text":"compromised as well but let's suppose you're quite careful about fishing and","speaker":null,"is_sponsor":0},{"start_s":179.44,"end_s":188.959,"text":"susp icious links and you use a unique password for every site exactly how safe","speaker":null,"is_sponsor":0},{"start_s":185.64,"end_s":191.48,"text":"are you well if an attacker exploits","speaker":null,"is_sponsor":0},{"start_s":188.959,"end_s":196.36,"text":"vulnerabilities in a server security and is able to find encrypted passwords they","speaker":null,"is_sponsor":0},{"start_s":193.959,"end_s":202.599,"text":"could break the encryption if it's not sufficiently strong or if the password","speaker":null,"is_sponsor":0},{"start_s":199.44,"end_s":204.84,"text":"themselves aren't very long a common way","speaker":null,"is_sponsor":0},{"start_s":202.599,"end_s":210.28,"text":"that password dumps that leak your credentials to the entire internet can","speaker":null,"is_sponsor":0},{"start_s":207.239,"end_s":212.84,"text":"happen even a mid-range modern home","speaker":null,"is_sponsor":0},{"start_s":210.28,"end_s":217.56,"text":"computer can guess millions of passwords per second and billions if it uses a","speaker":null,"is_sponsor":0},{"start_s":215.56,"end_s":222.64,"text":"discrete graphics card meaning that many passwords can be cracked within just a","speaker":null,"is_sponsor":0},{"start_s":219.76,"end_s":228.2,"text":"few days or even hours if you're using commonly used words or phrases but you","speaker":null,"is_sponsor":0},{"start_s":225.519,"end_s":233.04,"text":"obviously don't have much control over how the sites that you use store your","speaker":null,"is_sponsor":0},{"start_s":230.68,"end_s":238.28,"text":"passwords so we're planning a follow-up video coming soon on what you can do to","speaker":null,"is_sponsor":0},{"start_s":235.959,"end_s":243.799,"text":"make your own passwords as secure as possible and keep PR eyes away from your","speaker":null,"is_sponsor":0},{"start_s":241.159,"end_s":250.439,"text":"stuff spoiler alert passwords like querty and 1 2 3 4 56 are terrible ideas","speaker":null,"is_sponsor":0},{"start_s":248.2,"end_s":255.879,"text":"and yet they're used all too often and are very easy for attackers to guess so","speaker":null,"is_sponsor":0},{"start_s":253.28,"end_s":261.959,"text":"maybe don't put those questionable conversations you had with your ex","speaker":null,"is_sponsor":0},{"start_s":258.12,"end_s":264.36,"text":"behind a password that week and with all","speaker":null,"is_sponsor":0},{"start_s":261.959,"end_s":269.199,"text":"this talk of encryption tunnel bear seems like an appropriate thing to bring","speaker":null,"is_sponsor":0},{"start_s":266.36,"end_s":272.88,"text":"up tunnel bear VPN lets you tunnel to up to 20 20 different countries allowing","speaker":null,"is_sponsor":0},{"start_s":271.16,"end_s":278.16,"text":"you to browse the internet and use online services privately as though you","speaker":null,"is_sponsor":0},{"start_s":275.56,"end_s":282.759,"text":"are in a different country they have easy to use apps for iOS Android PC and","speaker":null,"is_sponsor":0},{"start_s":280.639,"end_s":286.96,"text":"Mac they also have a Chrome extension and it's as simple as just hitting a","speaker":null,"is_sponsor":0},{"start_s":285.12,"end_s":292.639,"text":"switch telling tunnel bear what country you want to Tunnel through and boom with","speaker":null,"is_sponsor":0},{"start_s":289.36,"end_s":294.759,"text":"no Tom Foolery or technical DNS blah","speaker":null,"is_sponsor":0},{"start_s":292.639,"end_s":300.16,"text":"blah blah your connection gets encrypted and your public IP address gets switched","speaker":null,"is_sponsor":0},{"start_s":297.759,"end_s":304.199,"text":"you can bypass all that different ult to use stuff they've got a top rated","speaker":null,"is_sponsor":0},{"start_s":302.16,"end_s":308.919,"text":"privacy policy they do not log user activity and you can try it out for free","speaker":null,"is_sponsor":0},{"start_s":306.759,"end_s":312.72,"text":"with 500 Megs of data and no credit card required at the link in the video","speaker":null,"is_sponsor":0},{"start_s":310.88,"end_s":318.56,"text":"description also at that link you can save 10% if you upgrade to an unlimited","speaker":null,"is_sponsor":0},{"start_s":316.639,"end_s":322.44,"text":"account thanks for watching guys if you likeed this video like it if you disliked it dislike it if you want to","speaker":null,"is_sponsor":0},{"start_s":320.639,"end_s":324.919,"text":"check out our other channels boom up there if you want to comment with a","speaker":null,"is_sponsor":0},{"start_s":323.72,"end_s":331.639,"text":"suggestion for a feuture fastest possible it's down there and if you want to subscribe and follow we' really","speaker":null,"is_sponsor":0},{"start_s":327.84,"end_s":331.639,"text":"appreciate that an awful lot","speaker":null,"is_sponsor":0}],"full_text":"odds are that the keys to your car or your house are never too far from your site since having them stolen would mean breaking a window to get back in or calling a lockout service at best or I guess there's the worst case scenario of having someone be able to go into your house rifle through all your stuff and drive off in your VW bus or whatever it is you use to get around fortunately keeping track of a single physical key or a few on a keychain isn't too hard hard but online passwords can be a little bit trickier to manage as the fact that many users have tons of them to keep track of and the fact that they're stored on a bunch of servers somewhere instead of being a physical thing you carry around in your pocket gives Mis creant more opportunities to pry into your online life but how exactly do passwords get stolen I mean they're supposed to be encrypted right well yes but you might be surprised to know that many times passwords aren't stolen by some crack group of cyber criminals using super fancy hacking techniques but are instead harvested through social engineering methods where the bad guys will straight up ask for someone else's password this usually takes the form of a fishing attempt where some Mal content will send you an email or a steam message that claims to be from your ISP or your bank or valve asking you to send your login credentials for some vague security related reason there's a similar concept too called tab napping where you will actually get redirected to a fake website that's built to look as much like the real thing as possible where you well enter your login information because the page looks official even if you're techsavvy or smart enough to realize what's going on when you see a fishing attempt it's actually still quite easy to inadvertently click links in scam emails or dodgy websites that install key loggers onto your system and send everything you type including passwords back to an attacker that's how I got nabbed key loggers don't require a whole lot of technical expertise to use making them a popular choice for amateur online thieves and then once someone unscrupulous has your usern name and password combo it's quite easy for them to use automated tools that will try your credentials on lots of different websites and since statistics have shown us that over half of all internet users reuse the same password on multiple sites there is a distinct possibility that if your password for one site is stolen your other accounts could be compromised as well but let's suppose you're quite careful about fishing and susp icious links and you use a unique password for every site exactly how safe are you well if an attacker exploits vulnerabilities in a server security and is able to find encrypted passwords they could break the encryption if it's not sufficiently strong or if the password themselves aren't very long a common way that password dumps that leak your credentials to the entire internet can happen even a mid-range modern home computer can guess millions of passwords per second and billions if it uses a discrete graphics card meaning that many passwords can be cracked within just a few days or even hours if you're using commonly used words or phrases but you obviously don't have much control over how the sites that you use store your passwords so we're planning a follow-up video coming soon on what you can do to make your own passwords as secure as possible and keep PR eyes away from your stuff spoiler alert passwords like querty and 1 2 3 4 56 are terrible ideas and yet they're used all too often and are very easy for attackers to guess so maybe don't put those questionable conversations you had with your ex behind a password that week and with all this talk of encryption tunnel bear seems like an appropriate thing to bring up tunnel bear VPN lets you tunnel to up to 20 20 different countries allowing you to browse the internet and use online services privately as though you are in a different country they have easy to use apps for iOS Android PC and Mac they also have a Chrome extension and it's as simple as just hitting a switch telling tunnel bear what country you want to Tunnel through and boom with no Tom Foolery or technical DNS blah blah blah your connection gets encrypted and your public IP address gets switched you can bypass all that different ult to use stuff they've got a top rated privacy policy they do not log user activity and you can try it out for free with 500 Megs of data and no credit card required at the link in the video description also at that link you can save 10% if you upgrade to an unlimited account thanks for watching guys if you likeed this video like it if you disliked it dislike it if you want to check out our other channels boom up there if you want to comment with a suggestion for a feuture fastest possible it's down there and if you want to subscribe and follow we' really appreciate that an awful lot"}