Your password is the most important part of your security. A single password could grant an attacker access to your email account. After gaining access to your email account, it’s basically game over.
Most people don’t choose smart passwords. Most people choose dumb passwords that are easy to guess. If the passwords aren’t easy for a human to guess, then they’re easy for a machine to guess.
So are you suffering from RDPS? Really Dumb Password Syndrome is a real thing and it can have serious – permanent – consequences for your life.
RDP stands for something else as well: Remote Desktop Protocol. Today’s attackers are using your Really Dumb Password (RDP) to gain access to your computer via Remote Desktop Protocol (RDP). Are you still following along?
Connecting to someone’s computer via RDP is surprisingly easy. In fact, RDP passwords for thousands of PC users are available for sale online. RDP installation instructions are available for computers around the world and are sorted according to a number of marketable qualities, including:
- City, state, and host country
- OS version and type
- Administrative access versus regular user rights
- Computer performance power (speed and number of processors)
- Amount of system memory
- Network download and upload speeds
- NAT or direct connections
If you have a powerful computer in a developed country with administrator rights and a good internet connection, your RDP installation instructions are going to be worth more than some guy’s Windows 95 PC in South Sudan.
A recent RDP installation instruction leak illustrated how dangerous the RDP hacking community can be. In that leak, someone purchased over 400 RDP-enabled systems. These systems were collected by scanning the internet for machines listening on port 3389 (which is the Microsoft RDP port).
Scanning that port didn’t actually reveal the RDP password. Instead, it simply revealed the username. But here’s the thing: in all of the 430 remote desktop attacks sold, the username was exactly the same as the password.
In other words, the attacker simply needed to identify the username and then plug that username into the password field. Voila! Instant remote access to the system.
The compromised systems weren’t random people in South Sudan, either. There were corporate targets, government targets, healthcare providers, insurance companies, law firms, and plenty of other important organizations. That’s bad and there’s no excuse for it.
Unless you want some attacker gaining complete administrative access to your PC, you absolutely need to make your password different from your username. You should also make sure it has the usual mix of numbers, letters, caps, and special characters.
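The rule above (password different from the username, with a mix of character types) written as a check that could run whenever a password is set. This is an added example, not code from the original post; the function name `password_problems`, the 12-character minimum and the sample accounts are assumptions.

```python
import re
import unicodedata

# Character classes named in the post: numbers, letters, caps, special characters.
CLASSES = {
    "lowercase letter": re.compile(r"[a-z]"),
    "uppercase letter": re.compile(r"[A-Z]"),
    "number": re.compile(r"[0-9]"),
    "special character": re.compile(r"[^A-Za-z0-9]"),
}
MIN_LENGTH = 12  # assumption: the post does not give a minimum length

def _fold(text):
    """Normalise so 'Admin', 'ADMIN' and 'admin' all compare equal."""
    return unicodedata.normalize("NFKC", text).casefold()

def _strip_decoration(text):
    """Drop leading/trailing digits and symbols: 'admin123!' -> 'admin'."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", text)

def password_problems(username, password):
    """Return a list of reasons to reject the password (empty list = accept)."""
    problems = []
    user, pw = _fold(username), _fold(password)
    # Accept 'CORP\\jsmith' or 'jsmith@corp.example'; compare on the account part.
    account = user.split("\\")[-1].split("@")[0]

    if pw in (user, account):
        problems.append("password is the same as the username")
    elif account and _strip_decoration(pw) in (account, account[::-1]):
        problems.append("password is only the username (or its reverse) plus digits or symbols")
    elif len(account) >= 3 and account in pw:
        problems.append("password contains the username")

    if len(password) < MIN_LENGTH:
        problems.append(f"password is shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if not pattern.search(password):
            problems.append(f"password has no {name}")
    return problems

if __name__ == "__main__":
    # Constructed sample accounts, not taken from the leak described above.
    for user, pw in [("scanner", "scanner"), ("CORP\\jsmith", "Jsmith2024!"),
                     ("frontdesk", "ksedtnorf1"), ("backup", "t7#Vq!mZ2r&LpW")]:
        print(user, "->", password_problems(user, pw) or "OK")
```

Only the last constructed account passes; the other three are rejected because the password is the username itself or a thin variation of it.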
You see that list of passwords and usernames in the thumbnail at the top of this page? That’s a list of usernames and their corresponding identical passwords that were recently sold to the highest bidder online. Don’t be those idiots!