Updated: Nov 1, 2021
Lots of cybercrime these days follows a fairly routine method: Scan for targets, try to break into the targets, move on to the next one when it doesn't work. If you understand how hackers get your password, then you can make it a lot harder for them to break into your accounts.
Here are the top 3 ways that we see hackers obtaining your password, and how to lower the risk:
1. The website you were using got hacked
There's not much you can do to stop Dropbox from being hacked like what happened in 2012. Those 68 million passwords then got sold on the darkweb. What you can do is stop re-using the same password (including just using variations!). That way, even when someone buys the Dropbox passwords, they won't be able to easily hack your Facebook Business, Gmail, and LinkedIn accounts at the same time!
2. Your password got cracked
Sometimes a website is hacked, but the passwords aren't stolen - just the username. If you used a password like "Password123", then the hackers just need to run their tools on the site with your username in order to crack it. Using complex passwords prevents this! These days, 10 characters should be considered a minimum length, and 12 is better.
3. Your email got phished
Phishing is when you receive an email that looks real, and it wants you to open a link. Maybe the email looks like it is from Office365, and you click on it and what looks like an official Microsoft page opens up and asks you to reset your password. The reality is that the password gets sent direct to hackers, and now they can change your password to whatever they want eek! As a business, there is software you can invest in to prevent these emails from coming through, and also to stop those links working. You can also enable 2-factor authentication on most online services these days to help limit the hack if your password does get taken.
By limiting these top 3 password hacks, you'll probably take care of about 80% of where all successful hacks come from! For the other 20% it does get harder, so it might be time to dig deeper into the internet for cybersecurity, or perhaps just call in the experts.