Original article ISPreview UK:Read More
Broadband and mobile operator Virgin Media and O2 (VMO2) have taken a break from telecoms service provision in order to highlight the ease to which cyber criminals can break into your online accounts. In order to do this they enlisted the help of an ethical hacker to conduct a security assessment on a group of volunteers. Needless to say, account passwords were broken within 3 minutes.
The volunteers only needed to provide Brandyn Murtagh, who is normally a full-time bug bounty-hunter and ethical “White Hat” hacker, with their email address. After that he was able to find their passwords by hunting out publicly available information from past online data breaches – including those being used today and other personal data (including their address, phone number and even places they’ve recently visited).
According to VMO2, 55% of Brits say they’re worried about being hacked, while 78% admit to using the same or near identical passwords on multiple online accounts – including for their email (35%), social media accounts (31%) and for online banking (15%).
However, despite the fact that more than a third of people are aware that their information has been revealed in an online data breach (22% have even experienced their accounts being hacked), a quarter of password recyclers confess that they’d still open a new account today by using repeat passwords.
Ethical Hacker, Brandyn Murtagh, said:
“It can take just three minutes for a hacker to find a password and put people’s accounts at risk, which is why I’ve teamed up with Virgin Media O2 to help get Brits password secure this summer. Having your account accessed isn’t just an inconvenience; it can be the start of a chain leading to someone racking up thousands of pounds of debt in your name. But the good news is that by following my tips, in just a few simple steps you can make big changes to your online security which make it much harder for someone to hack you.”
1. Never reuse the same password – even with a very slight variation
2. Always use at least 14 characters and phrases
3. Implement two factor authentication or a passkey, wherever possible
4. Use a secure password manager
5. Too many sites with the same password? Start with the big ones (including financial, email, mobile operator and work accounts) then work your way from there.
6. Be careful what you put publicly online and avoid using personal details
7. Avoid using public Wi-Fi, particularly when it comes to secure transactions
We’d also add that, unless it’s absolutely necessary, you should try to avoid accepting those prompts that ask if the website can retain your financial details (payment cards etc.) for future use / purchases. Admittedly, this is an inconvenience for when you come to make a future purchase, albeit perhaps not as much of a problem as having those details stolen in a data breach.
In terms of how to make a strong password that you can actually remember, then this wonderful XKCD Cartoon always comes to mind, although we’d still add a number and special character into the example structure.
Finally, VMO2 noted how their “Advanced Security” (anti-virus) service had, over the past year, blocked 115 million unsafe and harmful websites, protected against 529k malware and spyware viruses and secured 4m banking and shopping sessions. VMO2 has also blocked more than 500 million fraudulent scam texts this year alone from ever reaching customers and flags 50 million suspicious scam and spam calls every single month.