Hacker proves password theft is easy
Password theft is not very tricky and can be done without much skill or money, a security expert explains during a live hack.
Anyone can easily get online and steal passwords - and it will not cost them much either.
This was the message during a live hack coordinated this morning by Jason Hart, senior vice president in Europe for two-factor authenticaton provider CRYPTOCard.
During the hack, he set up his own wireless hotspot, which he simply called BT Openzone.
As delegates used the wireless service, Hart was able to get hold of whatever usernames and passwords were being typed into web applications, just by using an easily downloadable password recovery tool called Cain & Abel.
When Hart and his team tested out the method across cafes in the UK, 100 per cent of web browsers in the various establishments used the fake BT Openzone service.
"That's how easy it is, it is instant," said Hart.
"People believe passwords are secure, but if someone has got your password you won't know about it."
There are various other methods people can use to acquire passwords, from searching for them with simple Google algorithms to using paid-for services run by groups such as the Slick Hackers Group, the security expert explained.
He claimed the solution to the problem was two-factor authentication, where two independent forms of identification are required in conjunction to allow user access.
"There should be no reason why internet service providers shouldn't be supplying everyone with two-factor authentication," Hart added, noting Virgin Media had committed to offering such services with the help of CRYPTOCard.
He also sought to dispel the myth that using complex passwords will protect user accounts from hackers. Cyber criminal's methods for stealing passwords render length and variation in characters, letters and numbers meaningless, Hart said.
"Obviously people need to not have a password that is 'password'," he added.
-
We need to do something about passwordsPasswords are a fundamental aspect of access security, but recent password leaks have undermined their ability to protect data
-
Dashlane lifts the lid on attack that saw hackers download encrypted user vaultsNews The company said it has now informed all affected customers, and taken action to shut down the operation
-
The NCSC says it’s time to switch to passkeysNews UK security organization calls for companies to step up and offer more secure ways to login
-
AI agents are creating new identity security risks: 1Password wants to solve thatNews The Unified Access system from 1Password will help enterprises manage AI agent access across different devices and users
-
Using AI to generate passwords is a terrible idea, experts warnNews Researchers have warned the use of AI-generated passwords puts users and businesses at risk
-
Researchers called on LastPass, Dashlane, and Bitwarden to up defenses after severe flaws put 60 million users at risk – here’s how each company respondedNews Analysts at ETH Zurich called for cryptographic standard improvements after a host of password managers were found lacking
-
Thousands of exposed civil servant passwords are up for grabs onlineNews While the password security failures are concerning, they pale in comparison to other nations
-
Gen Z has a cyber hygiene problemNews A new survey shows Gen Z is far less concerned about cybersecurity than older generations
