How Do Passwords Get Stolen?
Techquickie
·Techquickie
·2017-05-06
·
931 words · ~4 min read
0:00
odds are that the keys to your car or your house are never too far from your
0:05
site since having them stolen would mean breaking a window to get back in or
0:10
calling a lockout service at best or I
0:14
guess there's the worst case scenario of having someone be able to go into your
0:18
house rifle through all your stuff and drive off in your VW bus or whatever it
0:22
is you use to get around fortunately keeping track of a single physical key
0:27
or a few on a keychain isn't too hard hard but online passwords can be a
0:32
little bit trickier to manage as the fact that many users have tons of them
0:37
to keep track of and the fact that they're stored on a bunch of servers
0:41
somewhere instead of being a physical thing you carry around in your pocket
0:45
gives Mis creant more opportunities to pry into your online life but how
0:51
exactly do passwords get stolen I mean
0:54
they're supposed to be encrypted right
0:58
well yes but you might be surprised to know that many times passwords aren't
1:03
stolen by some crack group of cyber
1:07
criminals using super fancy hacking techniques but are instead harvested
1:12
through social engineering methods where the bad guys will straight up ask for
1:18
someone else's password this usually takes the form of a fishing attempt
1:23
where some Mal content will send you an email or a steam message that claims to
1:28
be from your ISP or your bank or valve
1:32
asking you to send your login credentials for some vague security
1:36
related reason there's a similar concept too called tab napping where you will
1:41
actually get redirected to a fake website that's built to look as much
1:47
like the real thing as possible where
1:50
you well enter your login information because the page looks official even if
1:56
you're techsavvy or smart enough to realize what's going on when you see a
1:59
fishing attempt it's actually still quite easy to inadvertently click links
2:05
in scam emails or dodgy websites that
2:08
install key loggers onto your system and send everything you type including
2:13
passwords back to an attacker that's how I got nabbed key loggers don't require a
2:19
whole lot of technical expertise to use making them a popular choice for amateur
2:24
online thieves and then once someone
2:28
unscrupulous has your usern name and password combo it's quite easy for them
2:33
to use automated tools that will try your credentials on lots of different
2:38
websites and since statistics have shown us that over half of all internet users
2:45
reuse the same password on multiple sites there is a distinct possibility
2:50
that if your password for one site is stolen your other accounts could be
2:54
compromised as well but let's suppose you're quite careful about fishing and
2:59
susp icious links and you use a unique password for every site exactly how safe
3:05
are you well if an attacker exploits
3:08
vulnerabilities in a server security and is able to find encrypted passwords they
3:13
could break the encryption if it's not sufficiently strong or if the password
3:19
themselves aren't very long a common way
3:22
that password dumps that leak your credentials to the entire internet can
3:27
happen even a mid-range modern home
3:30
computer can guess millions of passwords per second and billions if it uses a
3:35
discrete graphics card meaning that many passwords can be cracked within just a
3:39
few days or even hours if you're using commonly used words or phrases but you
3:45
obviously don't have much control over how the sites that you use store your
3:50
passwords so we're planning a follow-up video coming soon on what you can do to
3:55
make your own passwords as secure as possible and keep PR eyes away from your
4:01
stuff spoiler alert passwords like querty and 1 2 3 4 56 are terrible ideas
4:08
and yet they're used all too often and are very easy for attackers to guess so
4:13
maybe don't put those questionable conversations you had with your ex
4:18
behind a password that week and with all
4:21
this talk of encryption tunnel bear seems like an appropriate thing to bring
4:26
up tunnel bear VPN lets you tunnel to up to 20 20 different countries allowing
4:31
you to browse the internet and use online services privately as though you
4:35
are in a different country they have easy to use apps for iOS Android PC and
4:40
Mac they also have a Chrome extension and it's as simple as just hitting a
4:45
switch telling tunnel bear what country you want to Tunnel through and boom with
4:49
no Tom Foolery or technical DNS blah
4:52
blah blah your connection gets encrypted and your public IP address gets switched
4:57
you can bypass all that different ult to use stuff they've got a top rated
5:02
privacy policy they do not log user activity and you can try it out for free
5:06
with 500 Megs of data and no credit card required at the link in the video
5:10
description also at that link you can save 10% if you upgrade to an unlimited
5:16
account thanks for watching guys if you likeed this video like it if you disliked it dislike it if you want to
5:20
check out our other channels boom up there if you want to comment with a
5:23
suggestion for a feuture fastest possible it's down there and if you want to subscribe and follow we' really
5:27
appreciate that an awful lot