Friday, September 4, 2009

Password Hackers Gear for Action

Friendly Computers advises you to create good passwords that are very difficult to guess, and change them regularly. Also, never give your password to anyone, even if you think you can trust them. This can prevent your computer or accounts from being hacked into and your data from being stolen.

All that often stands between a malicious hacker and access to valuable, confidential data is a few keystrokes: an end-user's or admin's password. Yet even the most carefully crafted and well-guarded password is susceptible to being stolen from an innocent victim, and crafty miscreants have numerous techniques at their disposal to do the dirty deed.

In order to protect users and your organization from a password attack, you must first have a clear understanding of the various tactics available. From there, you can develop policies and educate users to prevent such an attack from succeeding. Today, we'll take a closer look at some of the types of attacks, as well as the best approaches to squelching them.

The most popular password attacks include authentication bypassing; guessing; network sniffing or eavesdropping; keystroke logging; hash cracking; credential replaying; and social engineering.

Authentication bypassing
This attack entails simply hacking around the authentication check. A common example: A would-be hacker uses a separate boot disc with the ability to read the targeted data partitions so as to bypass the normal log-on prompts and access the data directly. Another example would be an attacker using a remote buffer overflow (or SQL injection, and so on) against a running application or service to gain unauthorized access to the data.

Password guessing
Here, an attacker attempts to guess a user's password by making multiple (sometimes thousands or millions) log-on attempts using proposed passwords against some sort of log-on prompt. Common guessing locations include the normal log-on prompt, Web-based e-mail, FTP, and remote management consoles.
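
On the defensive side, the volume of failed log-ons that guessing produces is what gives it away. The following sketch is an added example, not part of the original article: it flags any source that racks up a burst of failures against one service and notes a success that follows the burst. The log format, addresses, thresholds and function name are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed events in an assumed format: "ISO-timestamp service source user result".
SAMPLE_LOG = [
    "2009-09-04T09:00:00 webmail 198.51.100.20 alice FAIL",   # ordinary typo
    "2009-09-04T09:00:20 webmail 198.51.100.20 alice OK",
    "2009-09-04T13:30:00 webmail 198.51.100.20 alice FAIL",
    "2009-09-04T13:30:15 webmail 198.51.100.20 alice OK",
    "2009-09-04T10:00:40 ftp 203.0.113.7 admin OK",           # success after a burst
] + [f"2009-09-04T10:00:{s:02d} ftp 203.0.113.7 admin FAIL" for s in range(0, 40, 5)]


def detect_guessing(lines, threshold=5, window=timedelta(minutes=1)):
    """Flag (source, service) pairs whose failed log-ons reach `threshold`
    inside a sliding `window`, and note any success that follows the burst."""
    recent = defaultdict(deque)   # (source, service) -> timestamps of recent failures
    alerts = {}
    # ISO timestamps lead each line, so a plain sort is chronological.
    for line in sorted(l for l in lines if l.strip()):
        ts_text, service, source, user, result = line.split()
        ts = datetime.fromisoformat(ts_text)
        key = (source, service)
        if result == "OK":
            if key in alerts:
                alerts[key]["success_after"] = user   # account needs a reset and review
            continue
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(key, {"failures": 0, "success_after": None})
            alert["failures"] = max(alert["failures"], len(q))
    return alerts


if __name__ == "__main__":
    for (source, service), info in detect_guessing(SAMPLE_LOG).items():
        print(source, service, info)
```

The same counter can drive an account lockout or a temporary block on the source once the threshold is reached.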

Source: http://www.pcworld.com/businesscenter/article/171468/password_hackers_gear_for_action.html