Hacker proves password theft is easy

Password theft is not very tricky and can be done without much skill or money, a security expert explains during a live hack.

Anyone can easily get online and steal passwords - and it will not cost them much either.

This was the message during a live hack coordinated this morning by Jason Hart, senior vice president in Europe for two-factor authentication provider CRYPTOCard.

During the hack, he set up his own wireless hotspot, which he simply called BT Openzone.

As delegates used the wireless service, Hart was able to get hold of whatever usernames and passwords were being typed into web applications, just by using an easily downloadable password recovery tool called Cain & Abel.

When Hart and his team tested out the method across cafes in the UK, 100 per cent of web browsers in the various establishments used the fake BT Openzone service.

"That's how easy it is, it is instant," said Hart.

"People believe passwords are secure, but if someone has got your password you won't know about it."

There are various other methods people can use to acquire passwords, from searching for them with simple Google algorithms to using paid-for services run by groups such as the Slick Hackers Group, the security expert explained.

He claimed the solution to the problem was two-factor authentication, where two independent forms of identification are required in conjunction to allow user access.

"There should be no reason why internet service providers shouldn't be supplying everyone with two-factor authentication," Hart added, noting Virgin Media had committed to offering such services with the help of CRYPTOCard.

He also sought to dispel the myth that using complex passwords will protect user accounts from hackers. Cyber criminals' methods for stealing passwords render length and variation in characters, letters and numbers meaningless, Hart said.

"Obviously people need to not have a password that is 'password'," he added.
