Cybercriminals are getting more sophisticated in their methods and use of technology when executing cyber attacks. Walls, fences, gates, turnstiles, guards, CCTV cameras – these all protect access. But passwords require digital walls, digital fences, digital turnstiles, and digital guards. Solutions like 2FA, password managers, IAM, SSO, and others make protecting passwords against password theft much easier for IT admins and end users. It’s not hard to deploy 2FA. But it is hard to suffer the consequences of a data breach that could have been avoidable with 2FA in place. Sure, shields are expensive. But when it’s raining cyber attack arrows, loosed in great volleys by sophisticated machines, we’re going to want that shield and more.

Hackers can see you type your password from miles away

Not all shoulder surfing happens from the person right behind you when you type your password to login. Weapons of choice for criminals can include simple cameras, high-power binoculars, and even public CCTV footage. There are so many results on the Internet when you search for how to hack CCTV cameras. A good many vulnerabilities stem from the weakness of using “default passwords”. An unsophisticated hacker can easily find default password conventions for a CCTV camera and target owners that have not changed the default password. An international hacker collective claimed to gain security camera data by hacking into a CCTV camera vendor. The hackers gained access to Verkada’s cameras through a “super” admin account. This vulnerability allowed the hackers to peer into the vendor’s customer’s cameras. It’s not always the vulnerability you’re prepared for that strikes. Sometimes, it’s unintentional. Remember when Kanye West typed in his phone’s password on national television? Kanye West’s password was “000000”. If someone sees you type your password, is it a password theft situation? Either way, don’t let someone get ahold of your password through carelessness.

Hackers can hear you type your passwords

Researchers have proven that it’s relatively easy to decipher what someone’s typing just by listening. Check out Keyboard Snooping from Mobile Phone Arrays with Mixed Convolutional and Recurrent Neural Networks. If researchers published this in 2019, it’s very possible that some criminal organizations could have successfully built and used a program to glean passwords just by listening. Password theft through sound. Crazy. How do we defend against someone listening to you type? Keyboard mufflers? But using an authentication mechanism that doesn’t require you to throw a blanket over your laptop every time you login solves this problem. In conclusion, use biometrics or a physical token to login, instead of typing easily-exposed passwords.

Password theft of reused passwords via fake sites

Phishing sites attempt to get you to type in your username and password on their illegitimate sites. But what can also happen is that you create an account on a malicious site using your “usual” username and password combination. Then, it won’t be that hard for the owner of the malicious site to use your “usual” username and password combination to try reusing your credentials on other sites to try to gain access (credential stuffing). One way to prevent this is by using a unique password for every account. That way, any compromised passwords won’t compromise any other account. Therefore, use a secure password manager to save all of those long, complex passwords that are unique to each account. These cyber criminals are getting clever. Let’s not fall behind them. Prevent password theft before it’s too late.