In the last couple of years, cybersecurity has shifted from a barely discussed topic to a common theme in both the business and political spheres. Furthermore, casual Internet users are becoming more aware of the dangers on the Internet and are taking safety precautions to protect their online valuables.
Social networks are closely linked to this. For example, Facebook, which started as a simple experiment when Mark Zuckerberg was in college, turned into a massive social network, which for some people is a primary source of income.
Fast-forward several years, and the Cambridge Analytica scandal revealed how social media data could be used without users’ consent; this time, it was to manipulate the American elections. It was a huge blow both to Facebook and to social networks in general because it showed they are much more than they seem to be. It’s not only about connecting with your friends and sharing experiences; it’s also about collecting user data and using it.
Another side of the same coin is monetization. Two decades ago, there were barely any online financial transactions, and now it’s the other way around – some people buy more on the Internet than in physical shops. In addition, social networks – Facebook, Instagram, Discord, Reddit, among others – are also monetized and have their ways of making money.
This makes social media accounts a valuable commodity that hackers tend to target.
In our previous article, we outlined “10 Tips for Social Media Security and Privacy”, but in this one, we’d like to talk about one particular problem – password management, and how to generate strong combinations to protect your social media accounts.
Why is password management important?
Back in the day, Internet users had only a few online accounts: email, forums, and that’s about it. However, the situation has changed drastically. The statistics reveal that on smartphones alone, people have 80 apps on average, and most of these are protected by passwords. This means that one must either remember tons of passwords or reuse the same password more than once.
This has proved to be problematic because reused passwords weaken online security, primarily because of data leaks. For example, a few months ago, CyberNews reported on COMB (Compilation of Many Breaches). COMB is an enormous data set containing more than 3.2 billion unique email and password pairs. A cybercriminal can use this data set to try email-password combinations against various accounts and gain access to them, resulting in severe financial losses.
Let’s get back to the reused passwords problem. While cybercrime as a whole spiked during the quarantine, one particular attack gained significant momentum – the Credential Stuffing attack.
Credential Stuffing relies on people using the same email-password combination more than once. It goes like this:
- A vast number of email-password combinations leak from a particular service;
- Cybercriminals obtain the leaked data;
- Using automation software, they start targeting other services with the obtained email-password combinations;
- If successful, they take over the account and most likely sell it on online black markets.
As you can see, the attack is straightforward and easy to execute – that’s the main reason it became so popular. The scope of this attack is well illustrated by Disney+ accounts getting hacked, with thousands of stolen accounts being sold on black markets just hours after the release of the new streaming service.
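From the defender's side, the pattern described above leaves a recognizable trace in login logs: one source trying many different accounts, almost all of them failing. The following is an added example, not part of the original article; the log format, thresholds, and addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed log format: "<timestamp> login ip=<ip> user=<email> result=<ok|fail>"
LINE_RE = re.compile(r"^(\S+) login ip=(\S+) user=(\S+) result=(ok|fail)$")

def find_stuffing_sources(lines, min_users=5, min_fail_ratio=0.8):
    """Flag source IPs that try many distinct accounts and mostly fail.

    A real user retries one account a few times; credential stuffing walks
    through a leaked list, so the number of distinct usernames per source is
    high and the failure ratio is close to 1.
    """
    users, hits = defaultdict(set), defaultdict(set)
    attempts, fails = defaultdict(int), defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not login events
        _ts, ip, user, result = m.groups()
        users[ip].add(user)
        attempts[ip] += 1
        if result == "fail":
            fails[ip] += 1
        else:
            hits[ip].add(user)
    findings = {}
    for ip, seen in users.items():
        if len(seen) >= min_users and fails[ip] / attempts[ip] >= min_fail_ratio:
            findings[ip] = {
                "distinct_users": len(seen),
                "failed": fails[ip],
                # A success from a flagged source means a reused password worked.
                "accounts_to_reset": sorted(hits[ip]),
            }
    return findings

# Constructed sample data (documentation-range IPs, made-up users).
SAMPLE_LOG = [  # one source, ten accounts, one success
    f"2021-03-01T10:00:{i:02d}Z login ip=203.0.113.7 user=user{i}@example.com "
    f"result={'ok' if i == 4 else 'fail'}" for i in range(10)
] + [  # a legitimate user who mistyped once
    "2021-03-01T10:01:00Z login ip=198.51.100.20 user=alice@example.com result=fail",
    "2021-03-01T10:01:09Z login ip=198.51.100.20 user=alice@example.com result=ok",
] + [  # shared office address: many users, all succeeding
    f"2021-03-01T10:02:{i:02d}Z login ip=198.51.100.50 user=staff{i}@example.com result=ok"
    for i in range(6)
]

if __name__ == "__main__":
    for ip, info in find_stuffing_sources(SAMPLE_LOG).items():
        print(ip, info)
```

The accounts listed under `accounts_to_reset` are the ones where a leaked combination worked, so those are the ones to lock and force a password change on first.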
What’s the worst that could happen?
The consequences of bad password management can vary from mild to catastrophic. In most cases, cybercriminals are looking for unprotected online accounts to steal and resell at a lower price. Netflix, Spotify, and Steam accounts are just a few that are continuously targeted. Losing a Netflix or Spotify account may be a minor nuisance, but imagine losing your Steam account with hundreds of games worth thousands of dollars.
But things can get even worse than that. In mid-2020, high-profile Twitter accounts were hacked and used to carry out cryptocurrency scams. The list included Elon Musk, Bill Gates, Kanye West, and Barack Obama, among others, whose accounts started posting messages saying they’d double the amount of BTC sent to their wallets and send it back. In reality, these messages were posted by cybercriminals with their own wallet addresses and no intention of sending anything back. Estimated losses: 120k US dollars.
Last but not least are direct account takeovers for ransom. A small UK business that makes rubber stamps and had gathered 29k Instagram followers had its account hacked. Hackers quickly demanded a ransom, threatening to delete posts and pictures otherwise. However, Instagram was faster and, due to suspicious activity, deleted the account altogether.
How do password managers solve the problem?
Even though there are numerous hacking techniques to take over a specific account, exploiting weak passwords is still one of the most popular. Luckily, password managers stand up to the challenge of protecting your online valuables.
As outlined previously, reused passwords are a real danger, but it’s nearly impossible to remember dozens, if not a hundred, of different passwords. It’s even harder to remember strong, complex passwords with upper and lower case letters, numbers, and symbols. And if you’re using “qwerty” or “password123” and the like, then the chance of falling victim to Credential Stuffing increases tenfold.
A password manager is a piece of cybersecurity software that lets you create and store hundreds of strong, unique, and complex passwords in an encrypted vault.
It might sound risky. After all, you’re putting all of your passwords in one basket. The reality is different. Good password managers use advanced encryption algorithms to encrypt your vault, and with the current state of technology, this encryption is practically unbreakable.
Furthermore, great password managers have a zero-knowledge architecture, which means that only the vault owner can access the passwords inside. Not even the development team can access them. It’s a tricky process, but you can watch this informative video by Computerphile if you want to understand how it works.
With security out of the way, users frequently praise password managers for the comfort they provide.
Don’t feel like coming up with a strong password yourself? Use a password generator. Are you tired of typing in long passwords by hand? The autofill function will do it for you. Believe me, once you’ve tried a password manager, it’s hard to go back. And it’s more secure this way.