How Your Passwords Get Hacked
Nowadays, everything on the internet requires you to type in a password. Since most users avail themselves of a variety of different services, it can be tough to keep track of all of the login details for each and every one of them. Not only that, but you have to keep coming up with strong passwords – and then remember them. This is undoubtedly one of the many hassles active IT users have to contend with on a day to day basis – and it is the cause of more than a little bit of annoyance and resentment.
The resulting disdain for passwords is a leading cause of bad password practices, such as recycling passwords across services or keeping them as bare-bones as possible so that they are easy to remember. Unfortunately, both of these practices open a hole in your online safety that you can ill afford.
How Password Hacks Work
To hack a password, an attacker will usually employ a dictionary attack tool: a program that attempts to log into an account many times in a row. The tool is loaded with a list of commonly used or otherwise known passwords and then tries to log into the platform with every password in its “dictionary” in the hope of finding a match. If it does find one, the attacker can log in with the matched credentials (which may carry administrator rights) or even install a backdoor for future entry. From that point on, your online presence is compromised, and depending on how important and interconnected the breached account is, you may end up suffering severely.
The speed with which such dictionary attacks can take place can vary greatly, depending on the attacker’s setup and skillset, the library of account names and passwords they have access to, and the limitations of the platform they are trying to breach. Some platforms take precautions to disallow such brute-forcing methods – but not all do.
Another popular technique is so-called “credential stuffing.” It is similar to a dictionary attack, but it relies on the cybercriminal having done more research on their target and having obtained a more specific, sophisticated list of credentials. That list is most likely composed of real account names and passwords lifted from past compromises of other services.
What Does This Mean for You?
The fact that there are vast libraries containing the most commonly used passwords worldwide attests to the importance of coming up with unique and inventive passwords. After all, if your password is obvious and easy to remember, it is probably on the list, and anyone who tries that list can easily break into your account. This means that you have to get creative with each and every password guarding access to any one of your significant accounts. Just using a single eight-letter word with some of the letters swapped out for numbers means that you are practically leaving your account unguarded, as far as hackers using dictionary attacks are concerned. Your password needs to be so perplexing that they do not have a one in a million chance of guessing it, because, with the right setup, they may have no trouble making 5-10 million attempts to break into your account.
Additionally, you should not re-use passwords on multiple accounts – ever. While many companies make a serious show of taking their users’ security seriously, a study shows that human error is the main cause of data breaches nowadays. Even if the system keeping one of your accounts safe is sound in and of itself, the people who interact with it are only human, and accidents do happen. While this is unfortunate, it means that any one of your logins may be leaked online at any time – and end up on a hacker’s list of passwords to try the next time they decide to break into a platform. You must absolutely avoid the possibility of that happening to any one of your important accounts – and this can only be done by using unique and complex logins on each and every one of them.
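As an added illustration (not code from the original article), the following Python check applies the two points above to a candidate password: it undoes the letter-to-number swaps a dictionary tool would try and matches the result against a constructed sample of a common-password list and of credentials leaked from another site. The list contents and the 12-character minimum are assumptions made for the example.

```python
import re

# Constructed stand-in for the "dictionary" of commonly used passwords the
# article describes; real attacker word lists run to millions of entries.
COMMON_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "football",
    "iloveyou", "welcome", "monkey", "dragon", "sunshine",
}

# Constructed stand-in for credentials leaked from another site's breach,
# the raw material of the credential-stuffing list the article mentions.
LEAKED_ELSEWHERE = {"Summer2019!", "monkey123", "hunter2"}

# Character swaps that dictionary tools apply as mangling rules; undoing them
# shows why "P4ssw0rd" is no safer than "password".
LEET_MAP = {"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
            "0": "o", "$": "s", "5": "s", "7": "t"}

MIN_LENGTH = 12  # assumed local policy; the article only says eight is too short


def normalize(password: str) -> str:
    """Reduce a password to the dictionary word an attacker's rules would derive."""
    lowered = password.lower()
    # Drop a trailing run of digits/symbols ("monkey123", "welcome!").
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    # Undo common letter-for-number/symbol substitutions.
    return "".join(LEET_MAP.get(ch, ch) for ch in stripped)


def is_dictionary_guessable(password: str, dictionary=COMMON_PASSWORDS) -> bool:
    """True if the password, or its de-mangled form, is in the common list."""
    return password.lower() in dictionary or normalize(password) in dictionary


def assess(password: str, leaked=LEAKED_ELSEWHERE) -> list:
    """Return the reasons a password would fall to the attacks described above."""
    reasons = []
    if password in leaked:
        reasons.append("reused: already exposed in another site's breach")
    if is_dictionary_guessable(password):
        reasons.append("dictionary: a common password or a trivial variation of one")
    if len(password) < MIN_LENGTH:
        reasons.append(f"short: fewer than {MIN_LENGTH} characters")
    return reasons


if __name__ == "__main__":
    for candidate in ["P4ssw0rd1!", "monkey123", "correct horse battery staple"]:
        print(candidate, "->", assess(candidate) or ["no obvious weakness"])
```

A real deployment would compare against a full breach corpus (ideally via a hashed lookup) rather than a ten-entry set, but the normalization step is the part that turns "P4ssw0rd1!" back into the list entry it was derived from.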
This is a challenge in its own right, and a dilemma that seems to have only two possible answers: either get good at creating, memorizing, and entering a multitude of unique and complex passwords, or get a password manager to do that for you.