Section 3: Accounts and Credentials Security

Questions and Answers

What is a significant feature of the website https://www.security.org/how-secure-is-my-password/?

It offers users the option to store passwords securely.

It reveals common passwords used by hackers.

It processes password strength assessments locally. (correct)

It provides a list of the top 100 passwords.

What can be inferred about the website https://leakedsource.ru/?

It is illegal to use the website for personal password security.

It only allows searching by usernames.

It enables users to check if their credentials have been leaked. (correct)

It is intended for helping users recover lost passwords.

What is a recommended practice for creating passwords according to the information provided?

Employ variations of common passwords for ease of recall.

Avoid using easily guessable information. (correct)

Utilize simple words and phrases for faster typing.

Use common patterns to avoid forgetting passwords.

What risk was highlighted regarding even strong passwords?

They are often exposed in larger data breaches.

What action should be taken after noticing unauthorized access to an account?

Change the password immediately and check for leaks.

What method does a brute force algorithm employ to find a solution?

Tries every possible combination until it finds the correct one

Which of the following assumptions might a hacker rely on to improve the efficiency of brute force attacks?

Most passwords begin with a capital letter

What is a recommended way to make passwords more secure against brute force attacks?

Use longer passwords with varied character placement

What is one possible indication that your email account has been compromised?

You receive a notification about a new device accessing your account.

Which characteristic of passwords can increase the complexity for brute force algorithms?

Incorporating a mix of uppercase, lowercase, numbers, and symbols

Which action should you prioritize immediately after noticing unusual activity in your email account?

Change your password.

What might be a consequence of a compromised email account?

Friends receiving unsolicited messages from you.

What does it mean to tweak brute force algorithms?

To improve their efficiency through assumptions on user habits

Why might brute force attacks take advantage of password updates by users?

Users usually only modify the last digit of their passwords

What is a recommended step to take after changing your password?

Change the security question, if applicable.

What does the 'last account activity' feature in an email account show?

Recent access details including IP addresses and timestamps.

How does using a password generator enhance security against brute force attacks?

It provides longer passwords with randomized characters

What is a possible consequence of creating a password with predictable patterns?

It can lead to faster successful attempts in brute force attacks

How can hackers exploit your social media accounts?

By accessing personal information shared on your profile.

Which of the following practices does NOT help in protecting against brute force attacks?

Using a single character type in the password

What is a crucial step to take if you suspect malware is involved in your email issues?

Run a scan with an anti-malware solution.

Which of the following is a sign that your account has likely been compromised?

You are receiving unexpected notifications about changes to your account.

What should you do first if you stop receiving emails?

Verify your email account settings for auto-forwarding.

Why is it important to change passwords across multiple accounts?

To protect against widespread access if one account is compromised.

What is a clear sign that indicates your social media account may have been hacked?

Posts appearing on your account that you didn't write

What does the term 'Like-Jacking' refer to on Facebook?

Hacking accounts through malicious liking of false posts

Which of the following best describes identity theft in the context of hacking?

Pretending to be someone else to misuse their personal information

What can identity hackers utilize from their victims to commit fraud?

Sensitive information such as financial and medical data

What is a potential consequence of a hacker acquiring financial information through identity theft?

Opening new bank accounts under the victim's name

Which action can help you reverse the effects of like-jacking?

Disable the apps you have liked

Which method do hackers often use to conduct purchases fraudulently under stolen identities?

By opening credit accounts using the victim's details

What is a common method for hackers to access your social media account from afar?

Logging in from an unusual location

What type of content might lure a user into a like-jacking trap on Facebook?

Engaging posts or videos, like cute animal clips

What should you monitor to identify if your Facebook account has been accessed by an unauthorized user?

The location of last logins

What is the primary purpose of using password management applications?

To store multiple passwords securely

Which of the following methods is NOT typically used to prevent account breaches?

Using leaked credentials to access accounts

Why do cybercriminals target multiple accounts of an individual?

To maximize potential for identity theft

What password cracking technique involves systematically trying all possible combinations?

Brute Force Attack

Which tool helps users check if their credentials have been involved in a data breach?

HaveIBeenPwned

What is one consequence of identity fraud that cannot be easily reversed?

Damage to personal reputation

Which of the following statements about strong passwords is most accurate?

They should be complex and unique for different accounts.

Study Notes

Accounts and Credentials Security

• This section covers password cracking techniques, account breach detection methods, and prevention/protection strategies.
• Password cracking techniques include Brute Force and Dictionary Attacks.
• Account breach detection methods are covered.
• Password security measures include strong passwords, prevention of password recycling, multi-factor authentication (MFA), and password management applications.
• Tools for testing and creating strong passwords are mentioned (e.g., HowSecureIsMyPassword and password management applications).
• Compromised credentials (leaked credentials, like those found on HaveIBeenPwned and LeakedSource) are addressed.

Accounts and Credentials - Passwords

• Hackers use methods like pretending to be someone else to gain access to accounts (email, social media, etc.) to steal information. This is done by obtaining passwords.
• Accounts are online user profiles (e.g., email accounts, bank accounts, social media accounts, online dating accounts).
• Credentials are identifiers used to access and use accounts. This includes email addresses, account numbers, usernames, and passwords.

Protection

• Accounts have protections, often including usernames and passwords.
• Other protections include one-time codes (via cell phone), multi-factor authentication, biometric identification, CAPTCHA, and security questions.

Password Cracking

• Dictionary attacks exploit commonly used passwords (personal names, addresses, or company names).
• Brute-force attacks try every possible combination of characters.

Brute Force

• Brute-force attacks try every possible password combination, but can be slowed down by making passwords longer and adding more complexity to them
• Often assume certain characteristics are in common/often used passwords
• There are ways to protect from this kind of attack (e.g. make passwords longer, use capitals, symbols, etc.).

Email and Social Media

• Email accounts are critical for online communications, accessing other accounts, and conducting business.
• Hackers can target email accounts even if the password is strong.
• Malware hidden in attachments, phishing attempts, and unusual login attempts can compromise accounts.
• Unusual activity may include login attempts from unknown devices, username/password change notifications, inability to receive emails, or suspicious spam from friends/contacts.

Spyware

• Spyware programs can monitor computer activity (screen activity, typing, and files).
• Anti-malware programs (with good updates) can combat spyware programs.

Description

Explore techniques and strategies for securing account credentials. This quiz covers password cracking methods, breach detection, and effective prevention strategies like multi-factor authentication. Enhance your understanding of keeping online accounts safe from hackers.