Ever wondered what types of online threats you can run into simply by browsing the web? How could a seemingly legitimate website affect your privacy or your data? Passwords are usually the first line of defence against threat actors trying to grab photos, documents, and all the private information and data that are supposed to be safely locked away from prying eyes.
Hackers are interested in passwords and authentication credentials, as they provide a means of accessing information without triggering the alarms usually generated by the use of vulnerabilities or malware. This allows them to freely impersonate the victim and log into their accounts. Consequently, choosing a strong password that’s unique to each account is mandatory.
However, the authentication process requires that, whenever you log into your account, the password you send is not intercepted by hackers. This means that both the communication channel – the connection between you and the website you’re trying to log into – and the password itself need to be encrypted when sent across the internet. Otherwise, it’s like shouting out your password to a friend across a crowded room. Pretty much everyone can hear it, defeating attempts to keep your privacy private.
We’ve been introduced to, and updated with, the latest technology, dubbed Network Threat Prevention, which is specifically designed to help you steer away from online threats and keep your passwords private. This new technology can also prevent vulnerabilities in your system from being exploited, detect and block brute-force attempts aimed at guessing your passwords, prevent your device from being compromised in botnet attacks, and prevent sensitive information from being sent in an unencrypted format.
The following are the steps to follow to keep your password private and your account secured, away from the eyes of a hacker.
The Internet 1 on 1
The foundation for all communication across the internet is known as HTTP (Hypertext Transfer Protocol). It acts as a request-response protocol between a client (browser) and a server (website). Think of it as a universal language that everyone uses to exchange information. However, because everyone can understand HTTP, it raises security and privacy issues, especially when broadcasting sensitive information, such as passwords. Because attackers can sometimes “eavesdrop” on your conversations and they understand what you’re saying, passwords need to be sent across in a way that’s difficult for bad guys to read.
As everyone knows, the address of a website usually looks something like “www.example.com”. What modern browsers don’t show anymore, though, is the full address of the website, which looks like “http://www.example.com”. This means that communication between the browser and the website is handled using a “common language” that everyone can understand.
However, because attackers can also “understand” HTTP, security experts have figured out a way to make the conversation between the browser and each visited website private. Dubbed HTTPS (Hypertext Transfer Protocol Secure), its purpose is to protect the communication between the browser and the website from being “understood” by anyone eavesdropping. If HTTP is an alphabet that everyone uses when sharing written information, HTTPS is like a different language that uses the same alphabet. Just because you understand each letter doesn’t necessarily mean that you understand the word or the entire sentence.
The main advantage is that, whenever you’re visiting websites that use HTTPS instead of HTTP, everything you’re “saying” to them looks like complete gibberish to someone listening in. Just like speaking a different language.
“This page was blocked for your protection”
Anti-Virus software has the ability to identify whenever you’re about to send passwords or credentials to a website in a manner that can be overheard by everyone. This is why you’ll sometimes see a message that reads “An attempt to send your password unencrypted, in plain text, was prevented on this page.” whenever you’re visiting a website that doesn’t use HTTPS when requesting your passwords.
Websites that don’t have HTTPS enabled – usually represented by that little green lock at the beginning of the website’s name – are not necessarily bad or a danger to your privacy. But it’s worth noting that even websites that do have HTTPS can be fraudulent.
For instance, to add credibility to a phishing website that impersonates a popular bank or online retailer, attackers use HTTPS to throw people off. It’s pretty much like bad guys dressing up as cops, and then committing a crime.
So next time you log onto a website and input your password, make sure it’s sent across encrypted so that no one can intercept it.
— Zakir Hussain, Director, BD soft, Country Partner of Bitdefender...