Iowa State University

ITInformation Technology

Common Threats to Passwords

This blog entry expired October 21, 2017. It may contain out-of-date information.

Passwords are the number-one target for hackers and cyber criminals. By obtaining a password, someone can access personal information including credit card numbers. Account information in general is also a big target because once someone gains access to account log in information they have full access to passwords and the account. The most common threats to passwords and account information are guessing and stolen passwords, social engineering, phishing, wireless sniffing, and Wi-Fi eavesdropping.

Strong and long passwords are the best defense against brute force hackers.  Social engineering, another common threat to passwords, can take many forms, including malicious attachments sent through email, chat or instant messenger, phishing scams, and phone calls. All of which encompass the same idea, a hacker pretending to be a legitimate organization claiming to need specific information from a user to update or verify an account. Thousands of people fall victim to these types of attacks every year.  It is important to remember never to share passwords or log in information with anyone through email or over the phone, no matter how convincing they may seem.

Wireless sniffing and Wi-Fi eavesdropping both involve the use of a wireless connection to retrieve personal information and are common at retailers and restaurants that offer free Wi-Fi. In wireless sniffing hackers intercept the internet traffic of users and attempt to steal account information. Wi-Fi eavesdropping occurs when hackers access an unsecure wireless network, which gives them the opportunity to get information from computers connected to the network.  It is never a good idea to make transactions or access personal information on an unsecure or free wireless network because you never know who may be monitoring your actions.

For more information on creating strong passwords, identifying phishing scams, or other common password threats check out our previous blog posts along with our series of Cyber Security Snippets.