Techniques used by hackers to retrieve your passwords
- Password recovery/reset systems
The systems that are in place to allow a legitimate user to recover or change a password when required, can be misused from the password hackers/fraudsters. The fraudster may persuade the authentication system to either mail it to them or change it to something of their choice. Next level of verification mechanism in such cases can serve as protection only if the answers are not very obvious.
- Few tips to avoid threats from password recovery/reset systems
- Use information that is not in social media for recovery of password
- Activate two factor/multi factor authentication
- Phishing/Keylogger/sniffer
Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, to trick the recipient of mail/message to reveal sensitive information liker user name, password, PIN etc.,. Phishing is typically carried out by e-mail or instant message spoofing and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one.
The fraudsters may also make use of a software or hardware by installing it on the user’s computer to capture passwords typed on a computer is a ‘Keylogger’. Some of these softwares or hardwares can intercept or sniff and log traffic that passes over a computer network and so are called sniffer.- Few tips to avoid threats from Phishing/Keylogger/sniffer
- Be watchful of emails asking for login information
- Double check the URLs before logging into accounts
- Install reliable antivirus software and firewall on the device
- Use a VPN when connecting to public Wi-Fi networks
- Use encryption while sharing data
- Regularly update all software and devices with latest security patches