How Your Passwords Get Hacked

Nowadays, everything on the internet requires you to type in a password. Since most users avail themselves of a variety of different services, it can be tough to keep track of all of the login details for each and every one of them. Not only that, but you have to keep coming up with strong passwords – and then remember them. This is undoubtedly one of the many hassles active IT users have to contend with on a day to day basis – and it is the cause of more than a little bit of annoyance and resentment.

The resulting disdain for passwords is a lead cause of a lot of bad password practices. Such practices include recycling passwords or keeping them as bare-bones as possible, in an attempt to make them easy to remember. Unfortunately, both of these practices represent a hole in your online safety that you can ill afford.

How Password Hacks Work

To hack a password, an attacker will usually employ a dictionary attack tool. This is a tool that allows the malicious actor to attempt to log into an account many times in a row. This tool is then loaded with a list of commonly used or otherwise known passwords. The tool will then try to log into the platform with every password in its “dictionary” in the hope of finding a match. If it does find a match, the attacker will be able to log in with administrator credentials, or even install a backdoor for a future entry. From that point on, your online presence is compromised, and depending on how important and interconnected the breached account is, you may end up suffering severely.

The speed with which such dictionary attacks can take place can vary greatly, depending on the attacker’s setup and skillset, the library of account names and passwords they have access to, and the limitations of the platform they are trying to breach. Some platforms take precautions to disallow such brute-forcing methods – but not all do.

Another popular technique is the so-called “credential stuffing.” This is similar to a dictionary attack, but it relies on the cybercriminal in question, having done more research on its target and having gotten their hands on a more specific, sophisticated list of passwords. The said list is most likely to be composed of real account names and passwords lifted from other compromises in the past.

What Does This Mean for You?

The fact that there are vast libraries containing the most commonly used and popular passwords worldwide attests to the importance of users coming up with unique and inventive passwords. After all, if your password is obvious and easy to remember – it’s probably on the list, and anyone who tries that list can easily break into your account. This means that you have to get creative with each and every password guarding the access to any one of your significant accounts. Just using a single eight-letter word with some of the letters swapped out for numbers means that you’re practically leaving your account unguarded, as far as the hackers using dictionary attacks are concerned. Your password needs to be so perplexing that they don’t have a one in a million chance of guessing it – because, with the right setup, they may have no trouble making 5-10 million attempts to break into your account.

Additionally, you should not re-use passwords on multiple accounts – ever. While many companies make a serious show of taking their user’s security seriously, a study shows that human error is the main cause of data breaches nowadays. Even if the system keeping one of your accounts safe is sound in and of itself, the people who interact with it are only human, and accidents do happen. While this is unfortunate, it means that anyone of your logins may be leaked online at any time – and end up on a list of hacker’s list of passwords to try the next time they decide to try and break into a platform. You must absolutely avoid the possibility of that happening to any one of your important accounts – and this can only be done by using unique and complex logins on each and every one of them.

This presents a challenge in and of itself and a dilemma that only seems to have two possible answers. You need to either start getting good at creating, memorizing, and inputting a multitude of unique and complex passwords - оr get a password manager to do that for you.

By Giles
February 21, 2020
Password Security
English
February 21, 2020
Password Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Password Security

Happy World Password Day! Now Go and Fix Your Passwords!

We have World Toilet Day and World Laughter Day. It's only logical to have a day dedicated to another thing we encounter on a daily basis – passwords. Security specialist Mark Burnett was the first person to suggest... Read more

May 3, 2018
Password Security

Why You Shouldn't Reuse Passwords

During your school years did you ever become frustrated when someone in your class shared the same name as you? Better yet, was there ever a time that someone improperly identified you as someone else? Such... Read more

March 14, 2018
Password Security

Google Introduces Password Security Changes

Login credentials remain to be one of the most targeted pieces of information by cybercriminals. Consequently, cybersecurity experts talk more and more about bad password habits and measures that both companies and... Read more

December 11, 2019
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.