October is National Cyber Security Awareness month, and UNMC and Nebraska Medicine Information Security is offering guidance to assist users in helping to keep the med center’s environment safe.
Passwords are considered the keys to the kingdom, so it is essential that users keep their passwords safe and secure. Usernames and passwords enable users to log on to company systems because they serve as a basic form of identification: a computer can reasonably assume people are who they say they are if they know their secret password to log on.
However, malicious actors can use a variety of tools to try to guess someone’s password. Therefore, it is important for a password to be complex enough to make it too tough to guess. The longer and more complex a password, the harder it is to guess. Because the network account provides access to a variety of different enterprise systems, creating a robust logon password that is very secure, while still being memorable, is especially important.
It is important that users do not use the enterprise username and password for any other applications or accounts, especially personal accounts. If users use the same passwords for personal accounts that they do at work, and one of those account is breached, it could cause a breach for the organization.
Below are some common methods that attackers use to hack passwords.
Social Engineering
Social engineering is a non-technical way that malicious actors attempt to steal personal credentials. The most common form of social engineering comes in the form of phishing attacks, in which a malicious actor pretends to be a trusted source. While in disguise, they attempt to harvest personal information, such as bank accounts, usernames and passwords. Be sure to report any suspicious emails that might be a phishing attempt to Information Security.
Dictionary Attack
In an attack like this, the hacker’s computer runs through a dictionary to try to guess what a password could be. The hacker’s computer can try upwards of 1,000 passwords a minute. So, even if people think they’ve come up with a great password that no human could guess, a computer still can. Therefore, it is critical to add a combination of numbers, characters and capital letters to increase the difficulty.
Hybrid Attack
The hybrid attack functions quite like a dictionary attack, but it goes one step further: Attackers go through a word list and include random numbers and/or characters to the word. If your password includes a calendar year that is personal to you, such as a birth year or anniversary, it won’t take long for a computer to figure it out. Attackers also know that most people’s passwords use a capital letter for the first character of their password and end the password with a “!” or “?” symbol. Avoiding this pattern makes guessing a password more difficult.
Brute Force Attack
Attackers can try to guess your password by trying all possible password combinations. This method is generally not very effective, but short and simple passwords can fall victim to this.
As always, the med center needs everyone’s assistance and diligence in helping to keep the organization safe and secure. With questions, email Information Security.