“The public thinks us hackers are mysterious and no one knows how [to attack networks],” Kapustkiy said. “But I will tell you, the number one best way to hack is by getting a password.” He knows, because he’s a hacker.
“I do use SQL database hacks,” he said, “but a lot of the time I use social engineering to guess or trick people into giving up a password. If the password is weak or they used [the same password] on another site I can own everything.”
Consumer and business users are increasingly vulnerable to password-based attacks, and the cost of data breaches is astronomical. According to Carbonite’s chief evangelist, Norman Guadagno, a single attack can cost a business upwards of $250,000. “Small businesses do not have the same resources as larger enterprises and a single hack can put them in significant risk of losing their business,” he explained.
Using a strong password is the easiest thing business users can do to reduce risk. Yet password management remains a tricky chore. Short, less complex passwords are easier for humans to guess and easier for machines to piece together. Hackers often use software like Burp Suite to automate brute-force guessing against weak passwords. Reusing passwords, even complex ones, compounds a compromise, because access to one account begets access to many accounts. Long, complex passwords are hard to hack but also difficult to remember and a challenge to manage. Some users resort to keeping a pen-and-paper list of passwords. This method is effective, but insecure and inconvenient.
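As an added illustration (not part of the original article), the following Python example audits a credential inventory for the two risks described above: a small brute-force search space and password reuse that lets one leaked account expose others. The inventory, the function names and the 60-bit threshold are assumptions made for this example.

```python
import math
import string
from collections import defaultdict

# Constructed sample inventory (account -> password); not real credentials.
INVENTORY = {
    "email": "Summer2016",
    "forum": "Summer2016",
    "payroll": "Summer2016",
    "bank": "t7#Vq9!mZp2&Lw4x",
    "wiki": "kitten",
}

def search_space_bits(password):
    """Upper bound on brute-force cost: log2(alphabet_size ** length).
    Dictionary-based passwords are far weaker than this bound suggests."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def reuse_groups(inventory):
    """Map each password used more than once to the accounts sharing it."""
    by_password = defaultdict(list)
    for account, password in inventory.items():
        by_password[password].append(account)
    return {p: sorted(a) for p, a in by_password.items() if len(a) > 1}

def audit(inventory, min_bits=60):
    """Per-account findings; min_bits is an assumed policy threshold."""
    groups = reuse_groups(inventory)
    report = {}
    for account, password in inventory.items():
        bits = search_space_bits(password)
        shared = [a for a in groups.get(password, []) if a != account]
        report[account] = {
            "bits": round(bits, 1),
            "weak": bits < min_bits,
            "also_exposed": shared,  # accounts that fall if this one leaks
        }
    return report

if __name__ == "__main__":
    for account, finding in sorted(audit(INVENTORY).items()):
        print(account, finding)
```
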
Password managers are a cost-effective, scalable, privacy-enhancing solution for consumers and business users. TechRepublic recommends five respected applications—LastPass, 1Password, Dashlane, Zoho Vault, and RoboForm—to help manage secure notes, passwords, and documents.