Because of reused passwords and passwords that are easy to guess, everyone from North Korea’s state-run social media network to Facebook’s Mark Zuckerberg has had their social media compromised by opportunistic hackers over the last few days. What’s even more surprising is that the accounts were hacked because the supposedly tech-savvy owners didn’t follow even the most basic password security protocols.
“Password” and “Dadada” Are NOT Solid Password Choices — but for Very Different Reasons
North Korea’s Facebook clone wasn’t even up for a few hours before it was hacked, proving that hackers don’t need months or years to hack into a website if they’re motivated enough — no matter what country they live in.
Last week, Scottish college student Andrew McKean hacked into North Korea’s recently developed Facebook-imitation platform by using “admin” and “password” as login credentials. The site had to be immediately taken offline, as McKean was able to manipulate advertisements, user protocols and email addresses associated with the service.
The North Korean site remained offline as of this posting. The fact that the site was probably never intended to be accessed outside of North Korea proves just how vulnerable international network platforms can be, even when they’ve only been online for a few hours. Hackers are opportunists — and they are waiting at the ready to launch an attack, if only for an ego boost or props in certain dark web tech circles.
Later that week, Mark Zuckerberg became the latest victim of that massive LinkedIn hack you’ve probably heard about — and his password was pretty weak to begin with. Zuck chose the password “Dadada” and then proceeded to use it across multiple sites, breaking two of the golden password security rules at once:
Don’t use the same password across multiple platforms. When you do, and one site is compromised, all of the other sites where you use that password are vulnerable to a breach as well.
Passwords with limited and repeating characters are pretty much useless when it comes to security. Hackers can brute-force their way into such a password by simple trial and error; after all, there are only so many letter combinations in the English language.
To avoid making the same mistake as Zuckerberg, industry experts recommend choosing a different complex password for each site that you access. If remembering all your different passwords is simply too complicated, consider utilizing a password manager to keep them in order.
In case you need a refresher, always remember to follow these protocols to keep your password off a hacker’s radar:
Create complex, unique passwords that use a combination of symbols, numbers, words and upper/lower-case letters.
Never use your network username.
Obviously — don’t use “password,” “user” or “admin” anywhere.
Avoid birth dates, social security numbers, addresses and phone numbers; they make easy-to-guess passwords.
Dictionary words are not ideal. Password-cracking tools can easily run through dictionary lists and automatically check thousands of combinations at once. If you go this route, at least add a string of characters and symbols to the word to make the overall combination more secure.
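These rules can be enforced at the moment a password is set. The following is an added example, not part of the original article: a checker that applies the rules above to a candidate password. The function names, the small sample wordlist and the two thresholds (six distinct characters, four extra characters around a dictionary word) are assumptions chosen for illustration.

```python
import re

# Assumed, constructed values: the article names the banned defaults; the
# wordlist and thresholds are illustrative stand-ins, not from the article.
BANNED = {"password", "user", "admin"}
SAMPLE_DICTIONARY = {"dragon", "monkey", "summer", "welcome", "football"}
MIN_DISTINCT = 6   # fewer distinct characters counts as "limited"
MIN_EXTRA = 4      # extra characters required around a dictionary word
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def repeated_unit(pw):
    """Return the short unit a password repeats (e.g. 'da' in 'Dadada'), or None."""
    low = pw.lower()
    for size in range(1, len(low) // 2 + 1):
        if len(low) % size == 0 and low[:size] * (len(low) // size) == low:
            return low[:size]
    return None


def check_password(pw, username="", personal=()):
    """Return the list of rules the password breaks; an empty list means it passes."""
    low = pw.lower()
    letters_only = re.sub(r"[^a-z]", "", low)
    unit = repeated_unit(pw)
    problems = []
    if any(word in low for word in BANNED):
        problems.append("contains a banned default (password/user/admin)")
    if username and username.lower() in low:
        problems.append("contains the network username")
    if any(item and item.lower() in low for item in personal):
        problems.append("contains personal data (birth date, phone, address)")
    if unit:
        problems.append(f"built by repeating '{unit}'")
    if len(set(low)) < MIN_DISTINCT:
        problems.append("uses too few distinct characters")
    if letters_only in SAMPLE_DICTIONARY and len(pw) - len(letters_only) < MIN_EXTRA:
        problems.append("dictionary word without enough extra characters")
    if not all(re.search(c, pw) for c in CLASSES):
        problems.append("missing upper/lower-case letters, numbers or symbols")
    return problems
```

For “Dadada” the checker reports three broken rules (repeating unit, too few distinct characters, missing character classes), while “Summer1!” fails only the dictionary-word rule despite containing every character class.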
QualityIP is your network security specialist, and we are here to help you keep your network and your business information safe and secure. We are always at the forefront of the latest information technology security news and developments. Contact us at (330) 931-4141 or send us an email for more information.