What Is Credential Dumping? Protect Yourself With These 4 Tips

It’s bad enough when hackers get their hands on one of your accounts or logins. But sometimes they can use one stolen password to steal many of your other passwords as well. If your computer is on a network, they may be able to steal other users’ passwords too.

This is achieved using a technique called credential dumping. We’ll explain how it works and how to protect yourself from it.

What Is Credential Dumping?

Recently, security researchers have been talking about the dangers of credential dumping. This is a technique hackers use to access multiple accounts belonging to one person.

It begins when hackers get access to a victim’s computer. From this one computer, they are able to extract usernames and passwords for multiple accounts. These could include logins for bank accounts, email accounts, and login information for other machines or networks.

This can make it easier for hackers to steal someone’s identity and take over all of their accounts. They can also use this technique to grab login details for other users on the network, spreading a vulnerability from a single machine to an entire system.

How Are You at Risk of Credential Dumping?

It is possible for hackers to access many passwords when they access a computer due to the way operating systems handle passwords. Your operating system doesn’t want to annoy you by asking for passwords all the time, so once you have entered a password it is stored in the computer’s memory for later use.

If the hacker is able to access a file called the Security Account Manager, they can see a list of the passwords stored on that computer. The passwords are hashed, meaning each character is transformed into something else to hide it. This is the same process used for passwords on secure websites. But if the hashing is not strong enough it can be broken for each stored password. Then the hacker will have access to all the different accounts for that user.

If another user has logged on to the same machine, the hacker might be able to find their passwords too. If a business user has problems, they may call IT support and get a network administrator to come and check their machine. Once the network administrator logs in to a compromised machine, the hacker can steal the administrator’s login information as well and do more damage.

How to Protect Yourself From Credential Dumping

You can see the threat posed by credential dumping. But there are some simple steps you can take to protect yourself and your device from this technique:

1. Don’t Store Your Passwords on Your Computer

A bad habit many people have picked up is storing all their passwords in an unencrypted text file on their hard drive. They know that they mustn’t use the same password for multiple sites, and that passwords should be hard to guess. So they use random passwords. But they can’t remember all of them so they write them down in a file on their computer.

The reason this is a problem is that if an attacker accesses that one text file, they have access to all of your passwords for every site. This is a big security risk and makes credential dumping very easy, so it should be avoided.

2. Use an Online Password Manager

So if you shouldn’t store passwords on your computer, what should you do with them? It’s a good idea to use a trustworthy online password manager like LastPass or 1Password.

Online password managers work by storing your credentials online. This data is encrypted before it is uploaded to the internet, so you can access your passwords from any device. This has the advantage of protecting you from credential dumping. But it can also be a disadvantage; if someone finds out the master password for your password manager, they can access every single one of your accounts.

On balance, an online password manager is the option that many people choose for the best security. But you need to be very careful with your master password and make sure you never write it down anywhere, either on a computer or on paper. This is one password you really need to memorize.

3. Enable Microsoft Defender

If you’re a Windows user, you should definitely make sure Microsoft Defender, Microsoft’s antivirus solution, is enabled. There’s even a version of Microsoft Defender available for Mac.

Microsoft says that Defender will protect against credential dumping by protecting the lsass.exe process, which is the target of many credential dumping attacks. When you enable Defender, it will run automatically in the background to protect your computer.

Defender should be enabled by default on Windows machines. To check, go to Settings in Windows, then to Update & Security. Choose Windows Security from the menu on the left. Now click Open Windows Defender Security Center. Here, check that Virus & threat protection and Account protection are enabled.

4. Use Two-Factor Authentication

One of the best ways to protect yourself from password theft is to use two-factor authentication wherever possible. This means that when you go to log in to a site, you first enter your username and password. Then, if the password is correct, you enter a second piece of information.

Usually, you will enter a code that is generated by an app on your phone. Alternatively, you can enter a code which is sent to your phone via SMS.

The idea is that even if an attacker knows your password, they don’t have access to your phone or your email. The only way to access your account is when you have both the password and access to your device.

The annoying thing about two-factor authentication is that you have to enable it individually on every site you use. But you should definitely start by enabling it on your most essential websites, like your email account, your online banking, and PayPal or other payment services.

Beware the Threat of Credential Dumping

Credential dumping is a technique used by hackers to steal passwords for multiple accounts when they have accessed one computer. It can happen because of the way operating systems store passwords once you have entered them.

You can protect yourself from this threat by using a password manager, enabling Microsoft Defender, and enabling two-factor authentication.

To learn more about how passwords can be compromised, see our article explaining the most common tactics used to hack passwords.
