The increased need for login complexity
Not another article about password importance! Yes, I know, the subject is a tired but true one. You’ve heard about it, read about it, and if you work in an IT setting, definitely had meetings about it. Who cares, you think! Your classic password works just fine, and it’s easy to remember. Today, logins require so many different characters and symbols, with crazy length requirements. It’s too tough to track!
These are understandable concerns. I myself have relied on similar logins most of my life, and it wasn’t until a few years ago I noticed a trend: websites and apps require increasingly complex pass phrases. To my dismay, I had to think of different logins for a lot of sites. But why?
Part of the answer is that the digital landscape has become more dangerous, but it’s also the techniques used to smash through login screens. These techniques are referred to as “brute force attacks,” a catch-all phrase covering the software, apps, code, and programs used to guess a login for malicious purposes. They come in many forms and are constantly evolving.
Furthermore, these attacks exploit advancements in hardware and software. What benefits us at the keyboard can be turned around and used to break in, such as RDP, or “remote desktop protocol.”
RDP has proven a massive boon to the IT industry and computer world in general, as it allows for things like remote maintenance and cooperation from anywhere on the globe. Imagine getting hands-on IT support from a friend in a different country and a different time zone. However, that amazing tech is precisely what hackers take advantage of too. If they can crack a login or gain lateral admin access, havoc will be wrought.
So, that’s why hackers make use of RDP-based brute force attacks.
What is a brute force attack?
Let me paint you a quick picture: imagine every day, if not every hour, multiple people try to break through your door with a set of keys. They try it again and again, until success. Your lock is complex, so, they never find a way through. But that’s what brute force attacks look like.
Your internet-facing devices are “visible” to any malicious party, and those parties are eager to steal any important data. That’s where brute force attacks come into play: they are attempts to guess your password, as mentioned.
However, this isn’t a single hacker tapping at a keyboard for hours on end, scrambling between different monitors in an attempt to figure out your login. Rather, hackers deploy software which constantly makes guesses at a password from a library of phrases, stolen or otherwise. It isn’t just one system, either; it’s multiple. Computers can do this for as long as necessary until they achieve success.
Now, combine that success with RDP, and you’ve got hackers with access to a network from any point in the world. That keeps them safe, despite their actions, and means they can threaten global networks at any time.
Starting to see the problem?
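The repeated, automated guessing described above leaves a recognizable trail in logon records. The following added example (not part of the original article) flags three patterns: many failures from one source, one account targeted from several sources, and a successful logon right after a burst of failures. The log line layout, thresholds and function names are constructed for illustration; Event IDs 4625/4624 and logon types 10 and 3 are the Windows values for failed/successful logons and RDP-related logon types.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed, simplified export format (not a real Windows log layout).
# EventID 4625 = failed logon, 4624 = successful logon.
# LogonType 10 = RemoteInteractive (RDP); 3 = network logon, as seen with NLA.
LINE = re.compile(r"(\S+) EventID=(\d+) LogonType=(\d+) User=(\S+) Src=(\S+)")
RDP_TYPES = {"3", "10"}

def parse(log):
    """Yield (time, event_id, user, src) for RDP-related logon events only."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m and m.group(3) in RDP_TYPES:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(4), m.group(5)

def detect(log, max_fails=5, window=timedelta(minutes=5), max_sources=3):
    """Return sorted (alert_type, subject) pairs; thresholds are assumed values."""
    fails_by_src = defaultdict(list)   # source address -> recent failure times
    srcs_by_user = defaultdict(list)   # account -> recent (time, source) failures
    alerts = set()
    for ts, event_id, user, src in sorted(parse(log)):
        if event_id == "4625":
            fails_by_src[src] = [t for t in fails_by_src[src] if ts - t <= window] + [ts]
            srcs_by_user[user] = [(t, s) for t, s in srcs_by_user[user]
                                  if ts - t <= window] + [(ts, src)]
            if len(fails_by_src[src]) >= max_fails:
                alerts.add(("brute_force_source", src))
            if len({s for _, s in srcs_by_user[user]}) >= max_sources:
                alerts.add(("distributed_guessing", user))
        elif event_id == "4624":
            if len([t for t in fails_by_src[src] if ts - t <= window]) >= max_fails:
                alerts.add(("success_after_failures", f"{user}@{src}"))
    return sorted(alerts)

def _line(sec, eid, ltype, user, src):
    t = datetime(2024, 5, 1, 9, 0) + timedelta(seconds=sec)
    return f"{t.isoformat()} EventID={eid} LogonType={ltype} User={user} Src={src}"

# Constructed sample data using documentation-only IP ranges.
SAMPLE_LOG = "\n".join(
    [_line(10 * i, 4625, 10, "admin", "203.0.113.7") for i in range(6)]
    + [_line(60, 4624, 10, "admin", "203.0.113.7")]
    + [_line(100 + i, 4625, 3, "jsmith", f"198.51.100.{i}") for i in range(1, 4)]
    + [_line(200, 4625, 10, "bob", "192.0.2.10"), _line(215, 4624, 10, "bob", "192.0.2.10")]
)

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

A single mistyped password followed by a success (the "bob" lines) raises nothing, while the success after six failures is the alert to investigate first.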
As relevant to weak passwords
Since these machines are constantly guessing, weak passwords become a severe problem. And use of easily guessable passwords is still very common, creating a bigger issue. The hacker’s guesses come from a variety of sources, but most commonly they are acquired from black market web sales. If you’ve ever received an alert that a password you used was compromised, that login was part of those packages.
Hackers buy them, then brute force guess with their automated systems. Because they’re drawing from a digital warehouse of guessable logins, there’s an enormous pool of potential victims. There’s no fatigue or lethargy here, either: if attackers have reason to believe a system or network – like an SMB – has something valuable, they’ll keep trying. Their systems don’t tire out, so without a strong password, it’s only a matter of time before a breach occurs.
How can you stop this?
None of this sounds pleasant, so how do you stop it? If your first guess was “use stronger, more complex passwords,” then you’re correct. It is, in fact, that simple. But we do understand that multiple logins across different websites can get complicated, so in those cases a password manager is recommended. Password managers can auto-generate complex logins for you, then store them for later. Web browsers, like Chrome and Microsoft Edge, even provide complex password options to increase security.
That, or try to develop a memory system that works for you. However, that can be tricky, and still relies on information which is potentially guessable, so be careful.
One suggestion we have, as an example, is picking the name of a favorite location or place, then rewriting each letter as the number of its position in the alphabet, such as “ABC” = 123. Then, take your result and memorize it backwards. In a sense, the password is easy for you to remember, but harder to guess.
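For the auto-generated logins a password manager produces, mentioned above, the following added example (not from the original article or any specific product) draws a password from a cryptographically secure random source and screens candidates against a leaked-password list. The leaked list, the symbol set, the 70-bit minimum and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+"  # assumed symbol set
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
# Constructed stand-in for a leaked-password list; real ones hold millions of entries.
LEAKED = {"password", "123456", "qwerty", "letmein", "summer2024"}

def generate(length=20):
    """Random password from a CSPRNG with at least one character of each class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw

def estimated_bits(pw):
    """Upper-bound estimate: length * log2(size of the character classes used).
    Only meaningful for randomly chosen characters, not words or dates."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0

def is_acceptable(pw, min_bits=70):  # min_bits is an assumed policy value
    """Reject anything on the leaked list, then anything too short or too simple."""
    if pw.lower() in LEAKED:
        return False
    return estimated_bits(pw) >= min_bits

if __name__ == "__main__":
    for candidate in ("Summer2024", "Tr0ub4dor", generate()):
        print(f"{candidate!r}: {estimated_bits(candidate):.0f} bits, "
              f"ok={is_acceptable(candidate)}")
```

The leaked-list check runs first because a password that attackers already hold is guessed immediately, whatever its length or character mix.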
Another easy way to stop attackers is to enable MFA (multi-factor authentication) on any and all relevant devices. MFA is a growing standard, to the point that any major website or login will have an option for it. In other cases, it’s even required.
With that, now you understand the reasons for password complexity, and why it’s necessary in a digital world littered with brute force attacks.
For more information and other IT assistance, contact Bytagig today.