Hacker proves password theft is easy

Password theft is not very tricky and can be done without much skill or money, a security expert explains during a live hack.

Anyone can easily get online and steal passwords - and it will not cost them much either.

This was the message during a live hack coordinated this morning by Jason Hart, senior vice president in Europe for two-factor authentication provider CRYPTOCard.

During the hack, he set up his own wireless hotspot, which he simply called BT Openzone.

As delegates used the wireless service, Hart was able to get hold of whatever usernames and passwords were being typed into web applications, just by using an easily downloadable password recovery tool called Cain & Abel.

When Hart and his team tested out the method across cafes in the UK, 100 per cent of web browsers in the various establishments used the fake BT Openzone service.

"That's how easy it is, it is instant," said Hart.

"People believe passwords are secure, but if someone has got your password you won't know about it."

There are various other methods people can use to acquire passwords, from searching for them with simple Google algorithms to using paid-for services run by groups such as the Slick Hackers Group, the security expert explained.

He claimed the solution to the problem was two-factor authentication, where two independent forms of identification are required in conjunction to allow user access.

"There should be no reason why internet service providers shouldn't be supplying everyone with two-factor authentication," Hart added, noting Virgin Media had committed to offering such services with the help of CRYPTOCard.

He also sought to dispel the myth that using complex passwords will protect user accounts from hackers. Cyber criminals' methods for stealing passwords render length and variation in characters, letters and numbers meaningless, Hart said.

"Obviously people need to not have a password that is 'password'," he added.
