Password Cracking Techniques used on Social Media Accounts
Social media accounts on Facebook, Twitter, Instagram and similar services are hacked all the time, and I often see people posting that their account has been hacked and that others should not trust any message or post coming from it. But they take no serious action about it; they simply create a new account and carry on. That is why I decided to write articles on how you can keep your social media accounts safe and secure. In this article, I will discuss how the passwords of your social media accounts are cracked.
Popular Password Cracking Techniques
There are various ways your password can be cracked; the popular ones include:
1. Password Guessing
This method is the easiest way for an attacker to gain access to your account, and it works when you use a common string (e.g. "password") or a simple alphanumeric variant such as "password 1234". In fact, I call it the easiest because the attacker does not need any special tool to get your password. Keep reading and I will give you tips on how to create a strong password.
2. Phishing Attacks
This is a special type of social engineering attack in which the victim is tricked by an attacker posing as a trusted site, company or organization.
Let's assume you have a Facebook account. The attacker clones the Facebook login page, hosts it and finds a way to send you the link, either by email, SMS or even through the social account he wants to gain access to. When you visit the link, you are asked to enter your login details before proceeding, and as soon as you submit the form, the attacker has your credentials and can use them to get into your account.
3. Brute Force Attacks
Brute force attacks are a popular technique for guessing or cracking a password; they involve using a huge wordlist (a file containing candidate passwords) of millions of passwords. A brute force attack is most powerful when the attacker has collected a lot of information about the victim and built a wordlist specific to that victim. An example of a huge wordlist is "rockyou.txt", which comes with Kali Linux by default.
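The defender's side of the wordlist attack described above is noticing it in the login log. The Python below is an added example, not code from the article: it runs two detectors over a constructed sample log (the timestamp/result/user/ip format, the thresholds and the windows are my assumptions). The first flags many failures against one account from one source, and records whether a successful login followed the burst; the second goes beyond the article and flags one source failing against many different accounts ("password spraying"), which a per-account counter never notices.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of an application's login log (not from the article).
# Assumed format: "<ISO timestamp> <FAIL|OK> user=<account> ip=<source>"
SAMPLE_LOG = """\
2024-01-05T10:00:01 FAIL user=alice ip=203.0.113.7
2024-01-05T10:00:03 FAIL user=alice ip=203.0.113.7
2024-01-05T10:00:05 FAIL user=alice ip=203.0.113.7
2024-01-05T10:00:08 FAIL user=alice ip=203.0.113.7
2024-01-05T10:00:10 FAIL user=alice ip=203.0.113.7
2024-01-05T10:00:12 OK user=alice ip=203.0.113.7
2024-01-05T10:01:00 FAIL user=bob ip=192.0.2.44
2024-01-05T10:02:30 OK user=bob ip=192.0.2.44
2024-01-05T10:05:00 FAIL user=carol ip=198.51.100.9
2024-01-05T10:05:01 FAIL user=dave ip=198.51.100.9
2024-01-05T10:05:02 FAIL user=erin ip=198.51.100.9
2024-01-05T10:05:03 FAIL user=frank ip=198.51.100.9
2024-01-05T10:05:04 FAIL user=grace ip=198.51.100.9
"""


def parse_log(log_text):
    """Yield (timestamp, result, user, ip) tuples from the assumed log format."""
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_str, result, user_kv, ip_kv = line.split()
        yield (datetime.fromisoformat(ts_str), result,
               user_kv.split("=", 1)[1], ip_kv.split("=", 1)[1])


def detect_account_bursts(log_text, threshold=5, window_seconds=60):
    """Wordlist guessing against one account: at least `threshold` FAILs for
    the same (user, ip) inside a sliding window.  A later OK from the same
    source is recorded because it is the strongest sign that a guess worked.
    Returns {(user, ip): {"failures": n, "success_after": bool}}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (user, ip) -> timestamps of recent failures
    alerts = {}
    for ts, result, user, ip in parse_log(log_text):
        key = (user, ip)
        dq = recent[key]
        if result == "FAIL":
            dq.append(ts)
            while dq and ts - dq[0] > window:   # drop failures outside the window
                dq.popleft()
            if len(dq) >= threshold:
                entry = alerts.setdefault(key, {"failures": 0, "success_after": False})
                entry["failures"] = max(entry["failures"], len(dq))
        elif result == "OK" and key in alerts:
            alerts[key]["success_after"] = True
    return alerts


def detect_spraying(log_text, min_accounts=5, window_seconds=300):
    """Password spraying: one source IP failing against many different
    accounts inside a window.  Returns {ip: distinct_accounts_hit}."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # ip -> (timestamp, user) of recent failures
    alerts = {}
    for ts, result, user, ip in parse_log(log_text):
        if result != "FAIL":
            continue
        dq = recent[ip]
        dq.append((ts, user))
        while dq and ts - dq[0][0] > window:
            dq.popleft()
        distinct = {u for _, u in dq}
        if len(distinct) >= min_accounts:
            alerts[ip] = max(alerts.get(ip, 0), len(distinct))
    return alerts


if __name__ == "__main__":
    for (user, ip), info in detect_account_bursts(SAMPLE_LOG).items():
        print(f"burst: {user} from {ip}: {info}")
    for ip, n in detect_spraying(SAMPLE_LOG).items():
        print(f"spray: {ip} failed against {n} different accounts")
```

On the sample, alice's five failures followed by a success from the same address is the case worth acting on first (reset the password, end the session), while the five single failures from 198.51.100.9 only show up in the per-source view.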
4. Dictionary Attacks
This is similar to brute force with just a small difference: dictionary attacks involve adding random characters, digits or special symbols to the words. Let's assume we have "password" as the base string; the dictionary attack variants may look like "p@$$word", "p455w0rd" or something similar. This does not stop at three or four variants; it may be 50 to 100 or more depending on the length of the word and the number of random passwords that can be generated from it.
5. Session Hijacking (Cookie Stealing)
As the name implies, this means hijacking someone's browser session, typically via Cross Site Scripting (XSS), a popular and powerful web application vulnerability that is normally exploited with JavaScript. This method is more advanced and requires strong coding skills and knowledge of how browsers work.
It mostly happens when the website you are visiting is vulnerable to XSS: the attacker may store an XSS payload on the site that automatically steals your browser cookie, and the attacker can then use that cookie to log into your account without needing to type your credentials.
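The cookie theft described above only works when the session cookie is readable from script, which is a property the site controls. The Python below is an added example, not code from the article: it audits a Set-Cookie header for the attributes that limit what a stolen or script-accessible session cookie can do and builds the corrected form. The header values and the finding texts are constructed for the example.

```python
# Constructed Set-Cookie headers (not from the article): a weak session cookie
# and a cookie that is allowed to travel on cross-site requests.
WEAK_COOKIE = "sessionid=3f9a1c77; Path=/"
CROSS_SITE_COOKIE = "sessionid=3f9a1c77; Path=/; Secure; HttpOnly; SameSite=None"

FINDINGS = {
    "httponly": "no HttpOnly: document.cookie exposes the value, so an XSS payload can read and send it elsewhere",
    "secure": "no Secure: the cookie is also sent over plain HTTP where it can be sniffed",
    "samesite": "SameSite missing or None: the cookie rides along on requests started by other sites",
    "host_prefix": "__Host- prefix requires Secure, Path=/ and no Domain attribute",
}


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, {attribute_lower: value_or_True})."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def audit_session_cookie(header):
    """Return the finding codes (keys of FINDINGS) that apply to a session cookie."""
    name, _, attrs = parse_set_cookie(header)
    codes = []
    if "httponly" not in attrs:
        codes.append("httponly")
    if "secure" not in attrs:
        codes.append("secure")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True or samesite.lower() == "none":
        codes.append("samesite")
    if name.startswith("__Host-") and (
        "secure" not in attrs or attrs.get("path") != "/" or "domain" in attrs
    ):
        codes.append("host_prefix")
    return codes


def hardened_session_cookie(name, value):
    """Build the Set-Cookie header a login response should emit for its session token."""
    return f"__Host-{name}={value}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    for header in (WEAK_COOKIE, CROSS_SITE_COOKIE, hardened_session_cookie("sessionid", "3f9a1c77")):
        print(header)
        for code in audit_session_cookie(header):
            print("  -", FINDINGS[code])
```

HttpOnly stops the injected script from reading the cookie and carrying it off for reuse from another machine; it does not stop the script from acting inside the victim's session while the page is open, so fixing the XSS itself still matters. The `__Host-` prefix is a browser rule, not a site convention: a cookie with that name is only accepted when Secure and Path=/ are set and no Domain is given.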
6. Malware or Botnet Attacks
Sometimes attackers implant malware that is controlled remotely, popularly known as a botnet; the malware acts as a backdoor which the attackers can use to connect back to your computer or device at any time. So, if you are among the people who store passwords in text files, they can easily navigate your file system and collect the passwords to compromise your accounts.
There are other methods by which passwords may be compromised, but these are the common and major ones.
Tips on Choosing a Strong Password and Securing Your Accounts
Choosing a strong password, alphanumeric combined with symbols, makes it really hard for an attacker to crack your account password. The guide is:
1. Avoid using Common Phrases and Common Passwords.
Avoid common phrases, names, phone numbers, postal codes and common abbreviations; common passwords include password1234, pass1234, admin or something like that.
2. Use Alphanumeric Characters with Different Cases
Choose alphanumeric characters with both uppercase and lowercase letters; this makes it harder for a wordlist to crack your password because most wordlists are made up of lowercase combinations.
3. Use Different Passwords for your accounts
Use different passwords for your different accounts as much as possible, to prevent an attacker from accessing all your accounts after getting into one.
4. Avoid Storing Unencrypted Plain Text Password Files
Text files that contain your passwords should be encrypted. It is not necessary to store them at all, but if you really want to store them, make sure they are encrypted and hidden.
5. Implement Two Factor Authentication on All Your Accounts
Set up two-step authentication for all your accounts; this can prevent access to the account even if they have got the password.
6. Avoid Visiting Unknown Websites
Avoid visiting sites which you don't trust, or links sent via email, as such websites may control the behavior of your browser and steal session cookies or other sensitive information.
7. Avoid Using Online Password Managers
Online password managers may sometimes be dangerous; nothing is 100% secure, so if they get exploited, your passwords do too.
8. Add a Backup Email or Phone Number
Add a backup email or phone number to all your accounts; sometimes they might get in and change the password, and you can reset it if there is a backup.
9. Avoid Installing Unknown Software
Avoid installing software from unknown sources as it may contain malware; if you want to test it, run it in the sandbox of an antivirus.
10. Use a Genuine Antivirus
Using a genuine antivirus like Bitdefender or Avast will help you a lot in identifying software that carries a virus and automatically deleting it.
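Tips 1 and 2 above can be turned into a check, and the dictionary-attack section earlier shows why the check has to undo substitutions: "p@$$word" is still the word "password" to a wordlist with mangling rules. The Python below is an added example, not the article's own code, serving both passages. The small common-password set stands in for a wordlist such as rockyou.txt, and the substitution table and the 12-character minimum are my assumptions (the article gives no length).

```python
import re
import secrets
import string

# Constructed stand-in for a real wordlist such as rockyou.txt (not from the article).
COMMON_PASSWORDS = {
    "password", "password1234", "pass1234", "admin", "123456", "qwerty",
    "letmein", "welcome", "iloveyou", "football", "monkey", "dragon",
}

# Substitutions that mangling rules apply; translating them back lets the
# checker see "p@$$w0rd" as "password".  The table is my assumption.
LEET_MAP = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "$": "s", "5": "s", "7": "t", "+": "t",
})

MIN_LENGTH = 12  # assumption: the article gives no minimum length


def normalize(password):
    """Reduce a candidate to the dictionary word it was probably built from."""
    base = password.lower()
    base = re.sub(r"[^a-z]+$", "", base)  # drop trailing digits/symbols: welcome2024! -> welcome
    base = base.translate(LEET_MAP)        # undo substitutions: p@$$w0rd -> password
    return base


def check_password(password, personal_tokens=()):
    """Return the tips the password violates ([] means it passes all of them)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    has_lower = any(c.islower() for c in password)
    has_upper = any(c.isupper() for c in password)
    if not (has_lower and has_upper):
        problems.append("no_mixed_case")           # tip 2
    if not any(c.isdigit() for c in password):
        problems.append("no_digit")                # tip 2
    if not any(not c.isalnum() for c in password):
        problems.append("no_symbol")               # tip 2
    if password.lower() in COMMON_PASSWORDS or normalize(password) in COMMON_PASSWORDS:
        problems.append("common_password")         # tip 1, including mangled variants
    lowered = password.lower()
    if any(t.lower() in lowered for t in personal_tokens):
        problems.append("contains_personal_info")  # tip 1: names, phone numbers, ...
    return problems


def generate_password(length=16):
    """Generate a random password that satisfies every check above."""
    rng = secrets.SystemRandom()
    pools = [string.ascii_lowercase, string.ascii_uppercase, string.digits, "!#$%&*+-=?@_"]
    chars = [secrets.choice(pool) for pool in pools]   # one character of each class
    chars += [secrets.choice("".join(pools)) for _ in range(length - len(chars))]
    rng.shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    for candidate in ("password", "P@$$w0rd", "Welcome2024!", "Blue-Kettle!Runs42"):
        print(f"{candidate!r}: {check_password(candidate) or 'ok'}")
    print("generated:", generate_password())
```

The instructive case is "Welcome2024!": it has mixed case, a digit and a symbol, so it satisfies tip 2 on paper, yet it normalizes to "welcome" and is rejected under tip 1, which is exactly the variant a mangling rule would produce.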
If you follow the measures above, I am sure you are reasonably secure. Nothing is 100 percent secure, but at least you have taken a step toward keeping some things safe.
Thanks for reading. Make sure you check our other posts, and if you have any issues feel free to drop a comment or visit the contact page to reach us. Thanks once more.