
Revealed: How Criminals are Stealing Your Passwords to Take Over Your Accounts

As small and medium business owners, keeping our businesses secure is paramount. We understand the importance of choosing secure and complex passwords, but is it enough to thwart the efforts of cunning cyber criminals? This World Password Day, let’s delve deeper into the tactics used by these cyber criminals and the common mistakes that could leave our accounts vulnerable to takeover.

Tactics used by cyber criminals:

1) Interception – intercepting passwords as they are sent over a network.
2) Brute force – automated guessing using billions of different combinations.
3) Searching – searching for electronically stored password files.
4) Shoulder surfing – watching while someone types their password.
5) Manual guessing – guessing at commonly used passwords or using personal information.
6) Social engineering – tricking people into revealing their password.
7) Key logging – criminals may install software that intercepts passwords as they are typed.
8) Stealing passwords – either from a data breach or where passwords have been written on Post-it notes or similar.


Two Common Mistakes:

• Choosing Weak Passwords: The first and most obvious rule is to choose a strong password. Longer is better – aim for at least 12 characters. Avoid using easily guessed information such as the name of a pet, football club, or date of birth. These are the first things cybercriminals try when attempting to crack your password.
• Password Reuse: It may be tempting to reuse passwords for multiple accounts to simplify the login process. However, this practice can have serious consequences. Imagine a scenario where a company you use suffers a data breach. While you may initially breathe a sigh of relief that your credit card details haven’t been compromised, the danger doesn’t end there. Stolen credentials are often sold on the dark web, and if you’ve reused your password for multiple accounts, it won’t be long before someone gains access to your emails, social media, and other sensitive accounts.
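
Both mistakes above can be checked for mechanically. The following is an added example, not part of the original post: a short Python audit that flags passwords under 12 characters, passwords built from personal details, and passwords shared between accounts. The function name, the sample accounts, and the personal details are constructed for illustration.

```python
# Added illustration; function and variable names are hypothetical.
import hashlib
import re
from collections import defaultdict

MIN_LENGTH = 12  # minimum length recommended in the post

# Undo common character swaps so "R0ver" is still recognised as "rover".
_SWAPS = str.maketrans("013457@$!", "oieastasi")


def _normalise(text):
    return text.lower().translate(_SWAPS)


def audit(vault, personal_words, birth_date):
    """vault: account -> password; birth_date: (day, month, year).
    Returns account -> list of findings; clean accounts are omitted."""
    d, m, y = birth_date
    dates = {f"{d:02d}{m:02d}{y}", f"{d:02d}{m:02d}{y % 100:02d}",
             f"{m:02d}{d:02d}{y}", str(y)}
    words = {_normalise(w) for w in personal_words if len(w) >= 3}
    findings = defaultdict(list)
    seen = defaultdict(list)  # password digest -> accounts using it
    for account, password in vault.items():
        if len(password) < MIN_LENGTH:
            findings[account].append(f"shorter than {MIN_LENGTH} characters")
        if any(w in _normalise(password) for w in words):
            findings[account].append("contains personal word")
        if any(t in re.sub(r"\D", "", password) for t in dates):
            findings[account].append("contains date of birth")
        seen[hashlib.sha256(password.encode()).hexdigest()].append(account)
    for accounts in seen.values():
        if len(accounts) > 1:  # the same password protects several accounts
            for account in accounts:
                others = ", ".join(a for a in accounts if a != account)
                findings[account].append(f"reused on: {others}")
    return dict(findings)


# Constructed sample data, for illustration only.
SAMPLE_VAULT = {
    "email": "R0ver2015!",
    "bank": "Ar5enal-14031990",
    "shop": "R0ver2015!",
    "payroll": "vapour-trellis-copper-nine",
}

if __name__ == "__main__":
    report = audit(SAMPLE_VAULT, ["Rover", "Arsenal"], (14, 3, 1990))
    for account, problems in report.items():
        print(f"{account}: {'; '.join(problems)}")
```

The report names accounts and findings only; the passwords themselves are never written to the output.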



To protect your business from password-related security breaches, consider implementing the following recommendations:

• Use a Password Manager: Invest in a reliable password manager to store your passwords in a secure vault. A password manager not only provides a safe space to store your passwords but also generates unique, strong passwords for all your accounts. It can also alert you when it’s time to replace a password and autofill your login details, saving you time and effort. With a password manager, you only need to remember the password for the vault itself, significantly reducing the risk of password-related security breaches.
• Implement Multi-Factor Authentication (MFA): Add an extra layer of protection to your accounts by implementing multi-factor authentication (MFA). MFA requires users to provide two or more forms of verification before gaining access to an account, such as a password combined with a fingerprint scan, or a one-time code sent to a mobile device. This additional layer of security can significantly reduce the risk of unauthorised access, even if your password is compromised.

By following these recommendations and staying vigilant about password security, you can help protect your business from the growing threat of password-related cyberattacks. Remember, the security of your business is in your hands – take proactive steps to safeguard your accounts and sensitive information.

If you missed our October blog post you might like to read it now for more information on the key steps to strengthening your cyber defences.

We hope you found this useful. If you run a small business and would like to understand more about keeping your accounts and data secure, then please get in touch.
