Tuesday, January 27, 2015

How To Get Someone’s Password

   No matter what else is going on, it seems that I keep circling back to the subject of passwords.  I’ve covered this topic many times, including here, here and here.  But it’s a new year and a new week and passwords are in the news again

   I’ve jokingly said for many years that the easiest way to get someone’s password is to just ask them!  What I mean by that is that many people will inadvertently give up their userid and password via a Social Engineering attack.

   Wikipedia defines Social Engineering as the "psychological manipulation of people into performing actions or divulging confidential information. A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in that it is often one of many steps in a more complex fraud scheme."

   An attacker can send a phishing email that either directly, or via a link to an online form, asks for a password.  They can call the victim on the phone, or call a help desk impersonating the victim.

   Or, they can just walk up to someone on the street and ask!...

   And this is certainly not the first time something like this has been tried.

   There you have it!  So protect your passwords… use a password vault; use different passwords for different systems; use strong passwords; watch out for phishing emails and calls, and; don’t give your password to someone else!

   For extra fun, try one of these phishing quizzes.  See if you can identify the imposters!  And reread this post on phishing.

No comments:

Post a Comment