Popular movies and shows would lead you to believe that hackers are computer geniuses who use advanced tech to crack network security.
While that certainly does exist, the reality is the majority of cyber-security attacks are a result of Credential Theft.
According to an annual study conducted by Verizon, roughly 70% of all network breaches are a result of confiscated credentials
More importantly, these attacks are increasing and getting more sophisticated by the day, making securing personal and company accounts ever so important.
What is Credential Theft?
Put simply, Credential Theft is the act of illegally obtaining someone’s credentials, such as their username and password, to gain unsolicited account access.
In the modern world, everyone has dozens of login credentials for all sorts of accounts.
To avoid forgetting them, people often decide on one password and just use it for everything.
However, hackers know this and they exploit it often.
If you’ve ever received a suspicious-looking email telling you something is wrong with your account, you’ve been targeted by a credential theft attack known as Phishing.
The link inside the email sends you to what looks like a login page, while in fact it just records and saves what you typed in.
Malicious software, such as keyboard stroke recorders (keyloggers) and screen capturers, are also commonly used in credential theft.
They extract information by recording your information either through keyboard presses you make or from the information shown on-screen as you type.
Likewise, you never know who is looking over your shoulder, possibly recording you as you log in – and you’d be shocked how often this form of spying is done through compromised security cameras.
How to prevent credential theft
Why do so many email scams target Spotify, Amazon Prime, and similar accounts?
Who knows, maybe scammers just want to watch some movies and listen to music.
The more likely scenario is, if they obtain one set of your credentials, they’ll try to apply them to all possible accounts, to gain as much access as they can.
This is known as credential stuffing, and it can be especially problematic if you use one password for everything.
So, how do you protect yourself from credential theft?
Ideally, no one should know your passwords except you.
Does that mean you shouldn’t give your Netflix account to your family or friends?
Of course not.
However, there are some easy-to-follow rules to protect yourself:
1. Separate private and work passwords
To reference our Netflix example, the best practice against credential theft is to have a different set of passwords for different accounts.
That way, if one set gets circulated and ends up used in credential stuffing, it won’t be an immediate risk to others.
2. Don’t give your account info to others
So, your coworker is locked out of their account and they need to check something?
Sounds innocent enough, but keep these things in mind:
First of all, never verbally (or otherwise) share your actual passwords with them.
Second, ask permission from your manager and make sure they note the usage for future reference.
3. Train your employees
If you’re a business owner or manager, make sure your employees are well-informed.
Set aside time for a training session/Q&A with your IT experts when you can.
Share resources, such as this blog or any news articles regarding recent hack attempts with your employees, to remind them how important it is they do their part.
4. Never save your passwords in written form
Having to retype them every time you need access can get annoying, so it may be tempting to store them somewhere and just copy-paste them.
Writing them down on your computer, phone, email, and similar is an alarmingly common occurrence.
This rule also goes for physical copies – such as writing them in notebooks or on sticky notes – as well.
5. Immediately report a locked account
Unless there’s a specific policy allowing you to do so, don’t attempt to reset it yourself.
Instead, report to your IT department through the appropriate channels and wait for their reply.
Do not make additional login attempts while waiting – you could complicate their work or expose your account to breach attempts.
6. Enable multi-factor authentication
Multi-factor authentication, such as 2FA, is a great line of defense.
Set your accounts up so that any new/unrecognized device must be confirmed before allowed access.
2FA is especially important to prevent damage in case an account’s credentials have been compromised.
7. Use an encrypted password vault
Software for safely storing and sharing passwords has been on the rise in popularity.
Continue reading to learn how you can use it to protect yourself.
AppsCo One is an HR and IT management platform with a built-in password encryption tool. It helps companies and individuals protect their accounts with its variety of safety options. It’s especially good at assisting network managers to grant, revoke, and oversee delegated access to company accounts, resources, and devices.
One Solution For All Credential Theft Problems
Password encryption software, such as AppsCo One, is the best line of defense against credential theft.
The tools it provides eliminate all common problems:
- Access everything with just one click with the single sign-on (SSO) protocol
- Overview and manage who has access to what from one platform
- Save time by not having to reenter credentials whenever you need access
- Store all accounts in one place and easily share them with others without revealing credentials
- Share company resources with employees (or customers) without having to assign multiple sets of passwords
- Enforce multi-factor authentication and quickly identify unrecognized login attempts
- Protect everybody against keyloggers and screen capturers by removing typing
- Incorporate company policy into the app
- Easily assign new or delete old accounts
- Have easy access to your accounts across all devices using the cloud-based software
- And never forget passwords again
