How One Bad Password Let Me Ruin My Friend’s Week

263 views
0

Last week, a friend messaged me inviting me over to his place. With nothing else going on that day, I agreed and packed up my laptop, some snacks, and headed over. Fast forward a bit, I’m setting up my laptop and need to connect to the Internet. I easily find which Wi-Fi connection belongs to my friend, as it’s his name. The password field pops up and I ask the inevitable question. My friend has the audacity to turn towards me and say, “The password is my last name 1234”.

“You can’t do that,” I replied.

Maybe if the year was 1995 I would let that slide. Maybe if he wasn’t living in a densely populated neighborhood and the closest neighbor was five miles away I would let that slide. Maybe if I didn’t get a degree in Computer Science and knew nothing about cybersecurity I would let that slide.

We’re approaching 2022 in a society dependent on technology. When was the last time you left your house and didn’t see something that is controlled by a bit of software? Probably not unless you live entirely off of the grid (and seeing as you are reading this article on the Internet right now, you can’t be). Quite often, much of the technology we use is connected to the Internet. The Internet gives people access to other computers. See where I’m going with this?

Password security is vital in today’s world. It’s obvious that you would want to use a secure password for your essentials such as your online banking login or medical information, but sometimes people don’t see the need to secure the less considered subjects. Let’s use my friend’s Wi-Fi as an example and go over a few items.

Finding the Wi-Fi

As I mentioned earlier, it only took me a few seconds to locate his connection in a list of about a dozen. Anyone in the area who knows my friend’s name would be able to find which connection is his right away. Yeah, this may make it easy for you to add new devices, but how often is that really happening? It is preferable to use a Wi-Fi name that cannot tie you as a person to the connection. Personally, I enjoy this and spend more time than I should thinking of witty names when I’m setting up new Internet routers and such. People can get pretty creative with it.

Entering the password

Let’s assume my friend was in a bad mood because his kids accidentally dumped a gallon of Tropicana on the carpet again, and when I asked him for the password, he tells me to figure it out myself. If I had to guess the password, I probably would have gotten it correct on the third or fourth try, in all honesty, and that means anyone else could probably guess it as easily too.

Using your last name and adding 1234 to the end of it is listed as one of the most used passwords every single year. A hacker could potentially break into my friend’s Wi-Fi in less than a second. Don’t believe me? NordPass—a popular password safe—releases a comprehensive list of the most used passwords each year, as well as an estimate of how long it would take to crack them. Notice how many of them take less than one second to crack.

Destroying my friend’s life

Now that I’m connected to my friend’s Wi-Fi, what can I do to give him more problems than orange juice-stained carpet? Personally, I hate buying movies. I don’t even think I own a DVD player anymore. In the time it would take for my friend to dab up the spilled juice, I could have already started downloading a half-terabyte of films illegally (if I knew how to do that) and a few video games all on his Internet. Sure, I’ll get away with it, but maybe Comcast happened to flag this spike. Guess who will get the letter in the mail to cease and desist under the threat of a lawsuit? This is just one example of how easy someone can ruin your day due to a weak password and without any critical thinking needed.

Let’s run through a new scenario where I actually learned something in college, and decide to get a bit more technical with my mischief. Now that I’m connected to the network, I can see everything going on in the background—packets of data being transferred back and forth. It’s the perfect setup for a man-in-the-middle attack. With enough luck and skill, I’m able to find my friend’s credit card information and I proceed to order 12,000 live ladybugs on Amazon and schedule them to ship every three days to his house. And while I have that information, might as well order a few nice things for myself. All he had to do to avoid this was use a better Wi-Fi password.

Update your passwords!

After my friend figures out what to do with all the ladybugs I sent him, he probably should consider how he looks at password security. Sure, it may be easy to set up an account with a simple password and can make your life easier, but you also put yourself at risk of making your life more difficult—even if you think that random password might not be important.

Consider using password protection software such as LastPass, PasswordSafe, or NordPass which includes the option to create autogenerated passwords that can take potentially hundreds, thousands, and even millions of years to crack. If not, try to think of a password that no one would guess and utilize special characters, numbers, and capitalization throughout.

Think ahead: 2022, new passwords for you.

Author

Your email address will not be published. Required fields are marked *