Criminal Hackers Using Social Media Profiles to Crack Passwords
I recently read this article by Tom Godfrey in the Toronto Sun titled “Linkedin to Identify Theft.” The article talks about how social media sites are used by identity thieves. It also highlights how individuals write too much personal information in their profiles.
Now, if this post were only about identity theft and ways to protect one’s personal identity, then I would also talk about limiting not only your profiles but also what you post on your Facebook wall, LinkedIn status updates and Twitter updates. I am always stunned and appalled when people post on their Facebook wall that they are leaving on a trip for an extended period of time and even provide “check-ins” along their journey just to ensure that potential thieves know just where they are at all times. Even though your FB page might be set to private, your friends’ “friends” can also see what is going on, and you have just advertised that your home is available to be plundered.
But, there may be something else you are revealing that you might not be aware of. Your Account Password.
Think about your different account passwords. How did you choose your password? How do you remember your passwords? Are your passwords related to anything personal about you, such as a town, name, date or event? If “Yes”, then ask yourself if that information also resides on any social media sites or web profiles. If you are like 67% of the population, then you are advertising more than you think.
The human mind works off patterns and relationships. For example, people more often put numbers after a word than in front of it, so <Name Birthday> has a higher probability than <Birthday Name>. There are programs that attackers use to break passwords based on high-probability statistics. The way these programs work is for the attacker to first input an individual’s personal information found from a profile. Next, the program generates a number of possible combinations based on human password generation statistics. Finally, the program is used to log into your site, trying the high-probability generated passwords first. This example combines a dictionary attack with statistical brute force. Remember, it takes a computer only a few seconds to try 1,000 different passwords, and it doesn’t get frustrated when the last attempt didn’t work.
The best passwords are the ones that have absolutely no personal ties to you. That’s why long random passwords work best. They force attackers to resort to pure brute-force methods or other means that they may not have access to. The security strategy here is to put up enough barriers to drive most attackers to look for easier prey.
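A defensive check built on the points above, as an added example (not from the original post or from Power LogOn): it flags a candidate password that contains words or dates from a user's public profile, even when common character substitutions are used, and generates a long random alternative. The sample profile, the substitution map and all function names are constructed for illustration.

```python
import re
import secrets
import string

# Constructed sample profile: the kind of details people publish on social media.
PROFILE = {
    "name": "Jordan Avery",
    "pet": "Biscuit",
    "hometown": "Halifax",
    "birthday": "1985-07-14",
}

# Undo common look-alike substitutions before matching (assumed mapping).
LEET = str.maketrans("013457@$", "oieastas")

def personal_tokens(profile):
    """Words (3+ letters) and date fragments drawn from the profile values."""
    tokens = set()
    for value in profile.values():
        tokens.update(w.lower() for w in re.findall(r"[A-Za-z]{3,}", value))
        m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", value)
        if m:
            year, month, day = m.groups()
            tokens.update({year, month + day, day + month})
    return tokens

def find_personal_ties(password, profile):
    """Return the sorted profile tokens that appear inside the password."""
    raw = password.lower()
    forms = (raw, raw.translate(LEET))  # as typed, and with substitutions undone
    return sorted(t for t in personal_tokens(profile)
                  if any(t in form for form in forms))

def generate_password(profile, length=20):
    """Long random password, re-drawn if it happens to contain a profile token."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not find_personal_ties(candidate, profile):
            return candidate

if __name__ == "__main__":
    for pw in ("Biscuit1985", "H@l1f4x0714", generate_password(PROFILE)):
        print(pw, "->", find_personal_ties(pw, PROFILE) or "no personal ties found")
```

A check like this can run at password-change time, using only the fields the user has already given the service.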
While password security can be strong, the weakest link is often how the individual chooses and manages their passwords. That is why multiple layers of password security have to be deployed, as discussed in many of my other blog posts. But one key component also has to be a secure password manager like Power LogOn, which protects businesses and individual users with an affordable, easy-to-use, secure password manager.
Please call Dovell Bonnett at (949) 218-8754 for more information or visit our website.