Cybersecurity expert Wong Hao-zheng, interviewed by Bo-En Tseng, gave an in-depth analysis of today’s cybersecurity issues. Wong Hao-zheng pointed out that with the widespread adoption of artificial intelligence, hackers can now use automated tools to work out the logic and context behind human thinking and break into accounts, which poses a serious challenge to traditional cybersecurity defense concepts. He said that password complexity is no longer what matters; the key is that passwords should be special enough. He added that the defense methods that have been most useful so far are “biometrics” and “encryption”-based password management tools.
Will smart light bulbs also become weapons for attacking a country?
In an environment where the internet is widely used, household devices like smart light bulbs can also become a “springboard” for hackers to launch large-scale cyberattacks. If users do not change default passwords or use weak passwords such as “12345678,” hackers can easily obtain control through automated scanning tools.
Once they have taken control, hackers are not targeting only the device itself. Instead, they use it as a base to conceal their true identity and then launch attacks on important targets such as defense organizations or government agencies. When law enforcement units follow the digital traces, the trail points directly to the IP address of the IoT device’s owner, turning ordinary people into scapegoats for hacker activity without their realizing it. Because most users are not vigilant about the security of these home devices, smart home equipment has become an extremely stealthy attack path in today’s cybercrime.
The longer the default password, the more advanced and secure the system is!
Wong Hao-zheng criticized traditional cybersecurity rules, especially requirements such as “changing passwords regularly” or “forcing inclusion of special characters.” He emphasized that the “length” and “unpredictability” of a password are more effective defenses against modern attacks. The currently recommended password length is between 14 and 20 characters, or a combination of long phrases. On a website from the old internet era, engineers would set the default password to no more than 8 characters. When users adopt easily predicted patterns, such as adding one more exclamation mark to the end of the original password each time, the result has almost no defensive power against modern cracking techniques. The main reason is that hackers can learn the user’s logic through other means; for example, 1234567 plus a special symbol is easy to work out.
Password management tools and multi-factor authentication can balance convenience and security
To protect personal accounts, experts advocate using a password manager and multi-factor authentication (MFA). Password management tools can generate thousands of independent, random passwords for different accounts, preventing a chain reaction if a single account is compromised. Although advanced hackers may try to bypass multi-factor authentication, it is still the most effective way today to balance convenience and security when it comes to blocking SIM swapping or AI-driven automated phishing attacks.
Mental exhaustion can also create vulnerabilities
Even as cybersecurity technologies continue to evolve, human negligence caused by mental exhaustion remains the biggest vulnerability. An attack commonly seen in recent years is the push fatigue attack, in which hackers continuously send large numbers of login verification requests, trying to get the victim, while impatient or distracted, to instinctively click “Agree” or “Allow.” This kind of attack on human behavioral traits shows that technical defenses alone are not enough.
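On the defending side, a burst of verification requests like the one described above is visible in MFA logs. The following is an added example, not something from the interview: the log format, the event names, the threshold of 4 pushes and the 10-minute window are all assumptions to adapt to your own identity provider.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from a real system): "<UTC time> user=<name> event=<type>"
SAMPLE_LOG = """\
2024-05-01T02:14:07Z user=alice event=push_sent
2024-05-01T02:14:30Z user=alice event=push_denied
2024-05-01T02:15:02Z user=alice event=push_sent
2024-05-01T02:15:40Z user=alice event=push_sent
2024-05-01T02:16:11Z user=alice event=push_sent
2024-05-01T02:17:05Z user=alice event=push_approved
2024-05-01T08:59:58Z user=bob event=push_sent
2024-05-01T09:00:06Z user=bob event=push_approved
2024-05-01T09:30:00Z user=carol event=push_sent
2024-05-01T09:31:00Z user=carol event=push_sent
2024-05-01T09:32:00Z user=carol event=push_sent
2024-05-01T09:33:00Z user=carol event=push_sent
"""

def parse(line):
    ts, user, event = line.split()
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            user.split("=", 1)[1], event.split("=", 1)[1])

def detect_push_fatigue(log_text, threshold=4, window=timedelta(minutes=10)):
    """Flag users who receive >= threshold pushes inside the sliding window.
    'critical' means a push was approved while such a burst was still active."""
    recent = defaultdict(deque)   # user -> timestamps of recent push_sent events
    alerts = {}
    for line in log_text.strip().splitlines():
        ts, user, event = parse(line)
        q = recent[user]
        while q and ts - q[0] > window:   # drop pushes older than the window
            q.popleft()
        if event == "push_sent":
            q.append(ts)
            if len(q) >= threshold:
                alerts.setdefault(user, "warning")   # never downgrade 'critical'
        elif event == "push_approved" and len(q) >= threshold:
            alerts[user] = "critical"
    return alerts

if __name__ == "__main__":
    print(detect_push_fatigue(SAMPLE_LOG))
```

A "critical" result is the case worth acting on first: the approval arrived in the middle of a burst, so the session it created should be revoked and the user contacted.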
Users should manage digital risk with clear awareness. For more important accounts (such as online banking or email), they must adopt the highest level of security settings, rather than placing all services under the same level of protection. Experts point out that there is inevitably a trade-off between security and convenience. The biggest threats often stem from overlooking device settings or relying too heavily on operational processes. These human weaknesses are the parts that automated tools are most likely to break through.
How to choose a password management tool
At present, there are multiple password management solutions on the market, including standalone applications (such as 1Password) and browser-built-in storage features (such as Google Chrome or Firefox built-in tools). Although browser management tools offer a high level of convenience, if someone else obtains physical control of the computer, there is a risk that passwords could leak. Professional password management tools only require the user to remember one strong Master Password, and the rest of the complex encryption processes are handled by the software.
In addition to storing passwords, these tools have notable advantages in defending against phishing. When a user accidentally lands on a scam website or a phishing page, the password management tool will refuse to fill in credentials automatically because the URL does not match, which effectively prevents users from leaking personal information because they cannot recognize a forged URL with the naked eye. Experts emphasize that whichever reputable management software you choose, it is far more secure than the old habit of reusing the same simple password across multiple websites.
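The URL check described above can be sketched as follows. This is an added example, not code from any particular password manager: it assumes a strict exact-origin comparison (scheme, host and port), whereas real products may match on the registered domain instead, and the vault entry and page URLs are constructed using reserved example domains.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def origin(url):
    """Return (scheme, host, port), or None if the URL cannot be used for matching."""
    try:
        parts = urlsplit(url)
        scheme, host = parts.scheme.lower(), parts.hostname
        if scheme not in DEFAULT_PORTS or not host:
            return None
        # IDNA-encode: a Unicode look-alike letter yields a different xn-- label
        host = host.rstrip(".").encode("idna").decode("ascii")
        return (scheme, host, parts.port or DEFAULT_PORTS[scheme])
    except ValueError:  # malformed URL, bad port, or un-encodable host name
        return None

def should_autofill(saved_url, page_url):
    """Fill only over HTTPS and only when the page origin equals the saved origin."""
    saved, page = origin(saved_url), origin(page_url)
    return saved is not None and saved == page and page[0] == "https"

def credentials_for(vault, page_url):
    """Return usernames of vault entries whose saved origin matches the page."""
    return [e["username"] for e in vault if should_autofill(e["url"], page_url)]

# Constructed vault entry and page URLs (hypothetical names, reserved domains).
VAULT = [{"url": "https://bank.example/login", "username": "alice"}]
PAGES = [
    "https://bank.example/account?tab=1",       # same origin, other path: fill
    "https://bank.example.secure-login.test/",  # real name used as a subdomain
    "https://bannk.example/login",              # one-letter look-alike
    "https://b\u0430nk.example/login",          # Cyrillic letter in place of Latin 'a'
    "http://bank.example/login",                # no TLS
]

if __name__ == "__main__":
    for p in PAGES:
        print(credentials_for(VAULT, p) or "no autofill", "<-", ascii(p))
```

The fourth page is the one a person cannot tell apart by eye; the comparison is made on the encoded host name, so it is just another mismatch.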
This article, “Cybersecurity expert Wong Hao-zheng was interviewed by Bo-En and shared how ‘hackers’ will steal internet passwords!”, first appeared on Lian News ABMedia.