How Do Your Passwords Get Hacked?
Password attacks are one of the most popular ways people get their information and data compromised, and most cyberattacks are focused on obtaining the user's passwords.
This article explains how your passwords get compromised, the different ways in which this can be done and how to guard against such attacks.
Types
There are various methods in which your passwords can be compromised, but in this article, I'll be talking about the most common ones and how they work.
Brute force attack
Brute, meaning brutal or crude, and force, meaning power or exertion.
Have you ever tried to guess your parent's cell phone password as a kid? You probably tried your mother's name and birthday, or perhaps you tried your sister's name and birthday (who, by the way, just happens to be the favourite child).
Well, that's brute force. Congratulations on being a hacker! (Even if you didn't get the password right.) Brute force is a form of cyberattack where hackers run various possible words and combinations into a system in hopes of getting the correct password. They do not need to do this manually though, as there are various tools made by other hackers available for doing this.
A dictionary attack, which is a type of brute force attack, is when the hacker runs a list of existing words and phrases ('the dictionary') into the system in hopes of getting the user's password.
Password spraying
This is an attack in which hackers try a range of commonly used weak passwords on a group of systems. There is a long list of passwords commonly used by people who have no knowledge on setting good passwords or simply do not care.
Words like password123, 12345678910, mypassword or other easily guessed words are quite common and you’d be shocked by how many people use them for important accounts.
There are a number of lists compiled online and tools built to automatically run every single one of the passwords in these lists on an account a hacker is trying to compromise. A lot of the time, these passwords work, and when they don’t, there are several other methods that can be used.
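From the defender's side, brute force and password spraying leave different shapes in a login log, and a per-account lockout only catches the first. The sketch below is an added example, not code from the original article; the log format, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log lines (assumed format, not from any real product).
SAMPLE_LOG = "\n".join(
    [f"2024-05-01T10:00:{i:02d}Z FAIL user=alice src=203.0.113.5" for i in range(12)]
    + [f"2024-05-01T10:05:{i:02d}Z FAIL user=user{i} src=198.51.100.7" for i in range(15)]
    + ["2024-05-01T10:09:00Z FAIL user=bob src=192.0.2.10",
       "2024-05-01T10:09:20Z OK user=bob src=192.0.2.10"]
)

LINE_RE = re.compile(r"^\S+ FAIL user=(\S+) src=(\S+)$")


def classify_sources(log_text, many_accounts=10, many_attempts=10):
    """Label each source address by the shape of its failed logins.

    Thresholds are illustrative assumptions; tune them to your own baseline.
    """
    failures = defaultdict(lambda: defaultdict(int))  # src -> user -> count
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            user, src = m.groups()
            failures[src][user] += 1
    labels = {}
    for src, users in failures.items():
        if len(users) >= many_accounts:
            labels[src] = "password_spraying"  # a guess or two each, many accounts
        elif max(users.values()) >= many_attempts:
            labels[src] = "brute_force"        # many guesses against one account
        else:
            labels[src] = "normal"             # e.g. an ordinary typo
    return labels


def accounts_hitting_lockout(log_text, lockout_after=5):
    """Accounts that a per-account lockout rule would have tripped on."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            counts[m.group(1)] += 1
    return sorted(user for user, n in counts.items() if n >= lockout_after)
```

On the sample, the lockout rule only fires for `alice`; the 15 sprayed accounts each saw a single failure, which is why spraying has to be spotted by counting accounts per source rather than failures per account.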
Credential stuffing
This occurs when attackers try to crack your password by using a list of exposed credentials (emails and corresponding passwords). These are credentials that have previously been obtained in a data leak and are freely available on the dark web.
Again, there are tools that automate the process of testing each of these passwords to make it easier for an attacker.
You can check out the Have I Been Pwned website to know if any of the apps or services you’re using have been in a data breach and if any of your credentials have been exposed in one. If so, make sure to change the password.
This is also another reason why you should not reuse passwords or even use a variation of a password for another site.
Social Engineering Attacks
Hackers can also carry out attacks that get you to just give them your password directly. This method is called social engineering: humans are tricked into revealing sensitive information to hackers.
There are various ways in which this can be done.
Phishing
Phishing attacks occur when attackers trick an individual into believing they are someone else and use this identity to get access to sensitive information that they otherwise wouldn’t and shouldn’t be privy to.
Vishing
Vishing, a word derived from voice phishing, is when the attack occurs over an audio medium like voice messages or voice calls.
Smishing
This is also a type of phishing attack and stands for SMS phishing. Here, attackers use text messages to carry out their attacks and lure individuals into divulging sensitive information.
Ways to Prevent password breaches
Here are a couple of things you can implement to help you guard against these types of attacks.
Don't share
This might sound a little obvious, but you won’t believe the number of people who tell friends their passwords or even somehow end up posting their passwords on social media.
Case in point: the "share your password" thread on X (Twitter).
Don't write them down
Have a password manager to keep track of your passwords; don’t write them down. Anyone can come across your book, sticky notes or wherever it is you’ve written them down, regardless of how safe you think you’ve kept them.
Make it complex
Don't use sentimentally valued words or easily guessable things like your birthday, middle name or other things like that, and if you must, at least make it a little complicated.
I’m sure you’ve seen it on some sites when setting passwords: they tell you that your password must contain both upper and lowercase letters, numbers and symbols, and must be longer than 8 or so characters.
All these are a way of making your passwords less susceptible to generalised attacks like password spraying and the like.
Make it unique
Don't use one password for multiple accounts, or variations of one. This ensures that a breach of one of your accounts does not lead to a breach of all your other ones.
If an attacker has found out that one of your passwords is Chocolate, it’s not really hard to get to the other one, which is Choco1ate or some other variation. Use a password manager if you’re worried about forgetting them.
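To see why Choco1ate adds nothing over Chocolate, here is a small password screen that undoes the usual substitutions before comparing. It is an added example, not code from the original article; the function names, the substitution table, the 0.8 similarity threshold and the tiny common-password set are assumptions, and the comparison with an earlier password only works where that password is available in clear, such as at change time or inside your own password manager.

```python
import string
from difflib import SequenceMatcher

# Small constructed sample; a real screen would load a much larger list.
COMMON_PASSWORDS = {"password123", "12345678910", "mypassword"}

# Common character substitutions to undo (assumed, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(password):
    """Lowercase, drop trailing digits/symbols, then undo substitutions."""
    base = password.lower().rstrip(string.digits + string.punctuation)
    return base.translate(LEET)


# Normalized forms of the common list; the empty form (all digits) is dropped.
COMMON_NORMALIZED = {normalize(p) for p in COMMON_PASSWORDS} - {""}


def check_new_password(candidate, previous=(), min_length=8):
    """Return the reasons to reject a password; an empty list means accept."""
    problems = []
    if len(candidate) < min_length:
        problems.append("too short")
    norm = normalize(candidate)
    if candidate.lower() in COMMON_PASSWORDS or norm in COMMON_NORMALIZED:
        problems.append("commonly used")
    for old in previous:
        # Near-identical after normalization means an attacker who knows
        # the old password reaches the new one in a handful of guesses.
        if norm and SequenceMatcher(None, norm, normalize(old)).ratio() >= 0.8:
            problems.append("variation of an earlier password")
            break
    return problems
```

Note that `P@ssw0rd123` meets the usual upper/lower/number/symbol rule and is still rejected here, because it normalizes to the same base word as an entry on the common list.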
Enabling Multifactor Authentication
Most sites like Instagram, WhatsApp or Twitter have an option in the security settings that allows you to enable a feature known as multifactor authentication.
It ensures that even if an attacker has compromised your password, the site still sends a message to your preferred medium (like your Gmail) for verification before the individual logging in can have full access to your account.
Conclusion
Stay safe, and stay secure.
It's really heartbreaking when people's accounts get hacked or they get sensitive information like bank credentials stolen in an attack when it is possible for such a situation to be prevented.
I hope you and I don't become one of them.
Check out more of my articles here, and drop a like and comment on this if it was helpful.
Cheers.
Written by
Crypt(iq)
Exploring engineering and tech, storytelling my way through cybersecurity.