"The public thinks us hackers are mysterious and no one knows how [to attack networks]," Kapustkiy said. "But I will tell you, the number one best way to hack is by getting a password." He knows, because he's a hacker.
"I do use SQL database hacks," he said, "but a lot of the time I use social engineering to guess or trick people into giving up a password. If the password is weak or they used [the same password] on another site I can own everything."
Consumer and business users are increasingly vulnerable to password-based attacks, and the cost of data breaches is astronomical. According to Carbonite's chief evangelist Norman Guadagno, a single attack can cost a business upwards of $250,000. "Small businesses do not have the same resources as larger enterprises and a single hack can put them in significant risk of losing their business," he explained.
Using a strong password is the easiest thing business users can do to reduce risk. Yet password management remains a tricky chore. Short, less complex passwords are easier for humans to guess, and easier for machines to piece together. Hackers often use software like Burp Suite to automate brute-force guessing of weak passwords. Reusing passwords, even complex ones, compounds a compromise, because access to one account begets access to many accounts. Long, complex passwords are hard to hack, but they are also difficult to remember and a challenge to manage. Some users resort to creating a pen-and-paper list of passwords. This method is effective, but insecure and inconvenient.
Password managers are a cost-effective, scalable, privacy-enhancing solution for consumers and business users. TechRepublic recommends five respected applications—LastPass, 1Password, Dashlane, Zoho Vault, and RoboForm—to help manage secure notes, passwords, and documents.
Dan Patterson has nothing to disclose. He does not hold investments in the technology companies he covers.
Dan is a Senior Writer for TechRepublic. He covers cybersecurity and the intersection of technology, politics and government.