Most of us know that password fatigue can lead to security mishaps and that creating a safe and secure entrance into our personal or work accounts can be a real challenge. Fortunately, security experts also know that safe password use has long been a problem, one that can lead to epic malware infections like ransomware, banking trojans, and more.

RedLine Stealer Malware

Popular browsers like Chrome, Firefox, Safari, and Opera offer the option to store passwords for you, but hackers using the malware RedLine Stealer can hijack those stored passwords in a heartbeat.

Looking deeper into RedLine Stealer shows that the malware is capable of stealing more than passwords from browsers. Even though browsers encrypt what they store, RedLine can decrypt it. This info-stealing trojan takes more data such as usernames, credit cards, cookies, FTP credentials, and files if they also are stored in the browser. RedLine Stealer also downloads and runs other malware, takes screenshots of active Windows’ screens, and executes additional commands. In short, RedLine hijacks every bit of data stored in a browser.

Security experts note RedLine also sneaks past anti-virus solutions, making it nearly impossible to prevent infections. It doesn’t help that this malware is readily available on hacker websites like 2easy and others. Apparently, half the stolen data sold on 2easy is there thanks to Redline Stealer’s, well…stealing. Experts also saw evidence of spam campaigns using website contact forms and discussion forums and a host of other lures that download and install RedLine.

Adding to RedLine’s success is that it exploits a substantial security gap for password-storing browsers that is yet to be acknowledged and fixed. And since that day isn’t today, browser password storage remains a convenient but very risky road to take.

How to Avoid RedLine and other Password Stealing Malware

Rather than store your passwords in the browser, consider another solution to remember them. Writing them down with the old-fashioned pen and paper and storing them securely is one option. Another is using clues to trigger your memory. But if you want to use a password manager, use caution.

Password managers are an alternative to having a browser store them. They keep usernames, passwords and other guarded data like credit card info that is encrypted and in theory is safe. But most also have a master password that if stolen, gives up all the usernames and passwords they store. Think “keeping all your eggs in one basket.” Be sure to shop around, as password manager providers offer different services at differing prices. Use MFA (multi-factor authentication) to secure your password manager. Even if a hacker gets hold of the password, they won’t have the required MFA to abuse it.

Alternative Password Storage

Alternative methods to password managers are giving users a way to authenticate their identity without relying on passwords at all. They include using alternate options like a smartphone, hardware token, one-time passwords (OTP), or a biometric measure like a fingerprint. Many mobile devices use this already. However, those are coming our way in the future for our laptops and desktops. For now, it’s best to find another option besides storing them in browsers.

The folks at Stickley Security suggest a quick and easy way to create a secure password to help avoid password fatigue. First create a strong base password. Use a number, lower case and uppercase letters and a special character (!#$%*;). For example: 89!ApikT. This ‘core’ or base password can be used in combination with a part of the URL for the account you are creating a password for.

A Simple Way to Create Unique and Easy To Remember Passwords

Combine the URL with the base password and create a secure, unique combination that will be easy for you to remember. For example a password for facebook could be: fb89!ApikT or 89!ApikTfb. Anyway you combine it, you’ll be able to remember it.

Tip for creating a strong and unique password

Mid Oregon provides a valuable resource for enhancing your online security. We invite you to explore our Stickley on Security section within the Security and Fraud Center. This platform offers timely articles covering a range of digital security topics, along with informative videos. Additionally, you can subscribe to receive news and alerts via email, ensuring you stay informed with the latest updates to keep your financial accounts secure in the digital landscape.

Read additional blog articles on cyber security and fraud.

As a reminder, Mid Oregon will never initiate a call asking for personal or account information via phone, text, or email.