Many users set passwords that hold personal significance to them, so much so that the likelihood of a password containing a number from the user's date of birth is dangerously high. In the cyber world, your personal details are the assets that a password protects. So what happens if the user’s password, the first line of defense against unauthorized access, is compromised? The only viable option is to shut down the user’s account and create a new account.
Tech giants use cryptographic algorithms, such as hashes, to make sure the password is a one-way street with heavy traffic. This makes it difficult to get the user’s account back. To put it in simple terms, no one can retrieve a plaintext password from the hashes. However, the plaintext can be converted into an encrypted form protected by keys that only the owner can access. The stronger your password, the more work is required to hack your system.
Tech companies store user passwords on servers that are not accessible through the internet. In general, they are stored offline and are retrieved online through a tunnel of secret passage networks to authenticate the user. Despite this, pirates could penetrate users' accounts using a Distributed Network Attack or a Rainbow Table Attack, in which different hashes are tried in order to infiltrate a company’s database. These attacks require enormous amounts of external resources to carry out.
In 2020, Nintendo experienced a credential stuffing attack, which is only possible if the company database is breached by password attacks or other forms of identity theft like phishing. Ransomware enters when you install malicious software that monitors your computer without your knowledge. In this way, the ransomware took over 300,000 player accounts that were not sufficiently protected because of weak or reused passwords. Once they were in the users’ accounts, the attackers used the stored payment information to purchase valuable digital products illegally. The impact of the resulting breach was contained by resetting the affected user passwords and urging people to enable multi-factor authentication. The meeting platform Zoom faced a similar problem in the same year.
To keep passwords safe, one can use software like ‘Secret Manager’, or simply ensure the password is unique and of good length, with characters, numbers and symbols. Additionally, one should avoid being lured by ads or by spam in one's inbox; these are the small incentives that bait you into revealing your identity.
The Web 2.0 universe is vulnerable to attacks that can cost users their privacy regardless of the company (unless it's SpaceX because they have their own satellite running in space). Passwords are not safe if they are simple. Every day, new vulnerabilities are being exploited by cyberpunks roaming the cyber universe. It’s wise for us as users to take action to avoid falling into a rat hole.