How Safe are Your Passwords?
According to a 2010 study conducted by Microsoft, mandatory password changes costs billions of dollars in productivity for the companies that enforce them. These changes usually force workers to comport to stringent requirements, such as using a specific number of capitalized letters and special characters. According to the study, all this does is make remembering one's password harder. Most people just make a slight variation to their already existing password, and In some cases they even put their new password on a sticky note near their computer, for anyone walking by to see. On top of this, password changes to high-risk accounts are largely ineffective. This is because when a hacker gets the login information to, say, your online bank account, they aren't going to sit around constantly logging on to spy on your finances. They're going to transfer your money as quickly as possible, and unless you change your password at the exact instant in which they're accessing your account, all the mandatory updates in the world won't help you. Essentially, mandatory password changing on most accounts is at best a meaningless headache and at worst a huge time waster.
There are certain types of accounts in which hackers may linger to gather certain information about you. If a hacker gets into your Facebook account, they may stick around for a few months, impersonating you or trying to use the things you've posted as a means of gaining access to your other accounts by determining the answers to your security questions. In this case, it may be worth changing your account regularly as a preventative measure. That said, the methods that today's hackers use are usually advanced enough to crack most passwords.
Dictionary attack
Dictionary attacks as their name implies, use a program that randomly combines and words from the dictionary, quickly guessing any password that doesn't contain proper nouns,numbers or special keys.
Brute force attacks take a serious amount of computing power but have the potential to guess any password if given enough time. They simply guess, very quickly, every possible password variation. The longer your password, the safer it is.
Rainbow table attacks are an advanced method of breaking a website's encryptions after stealing its password database. These databases are easily accessible but most are protected by cryptographic hash functions. These are functions that encrypt passwords, with minute changes in input drastically affecting the function's output. Rainbow tables often provide a more feasible means of attack than using brute force, as the passwords contained in them are already hashed, making comparisons much easier.
Even if the websites you use salt (attach random data to) their passwords and encryption hashes as a preventative measure, this may not be enough. When the passwords, usernames and personal information of Ashley Madison users were leaked, Ashley Madison–probably due to the nature of the site's information–was using an advanced function called bcrypt to salt all of their hashes. Unfortunately, they also used the antiquated but still very popular MD5 encryption function for certain portions of their database. Hackers didn't even need to attack the bcrypt in order to get the data they wanted. They just hit the MD5 tokens and were able to reveal most of the information on the site.
This idea of a hacker is a bit cartoonish
Unfortunately, these vulnerabilities are more or less systemic. There's no way to convince the owners of the websites you frequent to update their encryption functions or any concrete way for you to protect your passwords. In reality, your passwords are never truly safe, unless they're protected by bcrypt, which is really only safe until some cracks it. Your chances of being hacked, regardless of your password's sophistication, is virtually 100%. Hackers have programmed bots to do the heavy lifting and most attempts at hacking occur automatically. To make matters worse, there are large swaths of web that aren't even encrypted, and the areas that are, have been proven susceptible to attack. This means the answer to the question of how often you should change your passwords is relatively simple. You only need to change them if you think someone else has direct access to your account specifically. An angry ex or someone spying over your shoulder on the bus is a much more pressing danger than some anonymous hacker online. The truth is, changing your password won't do much to stop people who know what they're doing. Passwords only protect you because it takes effort to hack them, not because they're impenetrable.
How Safe is Your Smart Home?
When it comes to smart homes, the technologies involved can vary, but more often than not they're centered on security. Some using motion-sensing technology to automatically turn on cameras. Others contain sensors for all types of issues including flood water, burglary, smoke, and carbon monoxide. The requisite paranoia required to purchase one of these systems aside, there is a growing concern that these security programs can be hacked and easily monitored by would-be burglars. While self-driving cars are still a work in progress (Uber just killed a woman with one of theirs), hackers were able to shut down security features on a Jeep and prove how connected utilities are just as easy to hack as anything else connected to the Internet. The same principle can applied smart homes.
Alexa and her hackable friends
On one end of the hacking spectrum, you have a previous home's owner. There are currently no standards in place to prevent a seller from having access to their old home's smart features. This means the flickering of your lights and the constant opening and closing of your home's garage door could be part of a prank by the last person living in your house. This can also leave home owners vulnerable to burglary, though the police would probably have an easy time cracking that case. Burglary is more likely to occur from an outside force, one that you haven't met and agreed to purchase a house from. That said, tech savvy burglars could have just as easy a time robbing you while you're at work or on a vacation.
Direct denial of service (DDoS) attacks have been used to disrupt the Internet connection for entire corporations, and can now, via the Internet of Things (IoT), be accomplished with ordinary devices such as TVs and washing machines. When these devices were designed, many of the companies hectically released them without putting much thought into their (the devices) security. There are now over six billion everyday items connected to the Internet, with IoT spending to hit around 1.7 trillion by 2020. But how and why would burglars perform cyber attacks on smart homes, when it'd be just as easy to break a window wearing facemasks and steal as much as they can carry before the police arrive? While burglars could perform DDoS attacks on homes and shutdown security systems, this could raise suspicions, as homeowners might notice that their cameras and motion sensors aren't working. Burglars can however, hack into less obvious devices and use them as a means of surveillance, casing their target at a safe distance. Recently, it was discovered that the MyQ garage door system could be hacked and used to spy on homeowners, alerting hackers when the door opens and closes, and giving them the ability to reopen the door after residents leave. This sort of thing is much more useful to burglars performing smash and grab robberies and makes it far too easy for robbers to keep track of a homeowner's schedule.
New security systems are at risk.
So, what can you do?
The fact of the matter is, smart homes are no more or less secure than regular homes. If someone is dedicated to robbing your house, they're going to find a way to get the job done. That said, smart homes do provide a baseline of coverage against standard, non-tech savvy burglars and having visible cameras on the outside of your house can be a serious deterrent. If none of the devices in your house are smart though, it might be worth it to wait until cyber-security measures become standard before buying that new app-controlled washer. As for alarm systems, at this point the old school systems that alert the police department via a landline rather than the Internet are far safer and effective. Like anything though, it's important to do your research before buying.
