On the internet, there are all kinds of people with bad intentions who would love to have third-party data in their hands. Hackers know ways to unlock the secrets of users and companies, mostly through login credentials. But how do they do it? With that in mind, come with me and learn more about how a password is cracked.
When a large company has a data breach, the monetary loss averages $3.8 million. All of this can come from an ordinary user who has gotten used to using the same password for everything in his life, from work to his favourite social network.
So, when a hacker discovers that one little word that gives access to everything about the person, it is not difficult to get into the company’s information and cause damage.
A hacker can go about cracking a password in several ways. The main one is attacking password hashes. A hash is a function that maps and summarizes data, and it is what keeps passwords safe on a server.
Commonly used methods to find a password
Cybercriminals use sophisticated technologies and software designed to analyze user behaviour. Some examples are the programs Brutus and RainbowCrack, which are easily found on the net.
Fabio also introduced us to some of the most common methods used by hackers to hack into accounts:
1. Dictionary-based hacks
Hackers use an automated program to combine dictionary words in common ways. People often create passwords that are easy to remember, so these tools try to mimic obvious patterns.
When thinking about passwords, people include names, birthdays, and even the names of favorite teams. Much of this information can be discovered by quickly browsing your social networks.
3. Credential stuffing
In credential stuffing, hackers use combinations of victims’ email addresses and passwords to break into other accounts that have the same login.
4. Brute force attacks
Hackers use an automated program to try all possible combinations of characters until they find the desired password. Unlike dictionary-based attacks, the brute force attack does not handle long passwords well. But short passwords can easily be cracked within hours.
Phishing involves a scammer pressuring you to hand over money or valuable information. They pretend to be trustworthy, usually posing as a reputable organization or someone you know. Phishing scammers may call, text, email or message you on social media. They also use fraudulent apps, websites and social media profiles.
6. Existing data breaches
Existing data breaches have already exposed a lot of passwords and other sensitive data. Businesses have been hacked more often, and hackers expose data online for a profit. This can be especially threatening if you reuse old passwords, as outdated accounts are more likely to be compromised.
How to try to protect yourself
The programs used by hackers are able to discover other people’s passwords with great speed. This is especially the case when passwords are weak or too obvious. For example, it is normal for someone to use the word “admin” or the date of a birthday as the only protection of their data.
And hackers love that kind of password.
This means that it is useless to add an exclamation point to the end of the password or to vary between lowercase and uppercase letters. It may seem that this creates more difficulty for programs and hackers, but it all still falls within standard human behaviour. It is something already expected, and it does little to stop the password from being discovered.
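The point above can be seen from the defender's side in a signup-time password check. The following is an added example, not part of the original article: it undoes the usual decorations (case changes, trailing digits or punctuation, look-alike characters) before comparing against a blocklist. The word list, function names and sample passwords are constructed for illustration.

```python
import re

# Constructed sample blocklist; a real check would load a large list of
# common and previously breached passwords.
COMMON_WORDS = {"admin", "password", "welcome", "qwerty", "letmein"}

# Look-alike substitutions people commonly make when "strengthening" a word.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def strip_decor(text):
    """Remove digits and punctuation added at the start or end of a word."""
    return re.sub(r"^[\W\d_]+|[\W\d_]+$", "", text)

def base_forms(password):
    """Return the candidate base words hiding behind a decorated password."""
    lowered = password.lower()              # undo upper/lowercase variation
    stripped = strip_decor(lowered)         # undo "!" or "123" at the ends
    return {lowered, stripped,
            lowered.translate(LEET), stripped.translate(LEET)}

def weakness(password, personal_terms=()):
    """Return a reason string if the password is predictable, else None."""
    forms = base_forms(password)
    hit = forms & COMMON_WORDS
    if hit:
        return f"decorated common word: {sorted(hit)[0]}"
    for term in personal_terms:             # e.g. a name or a birthday
        term = term.lower()
        if term and any(term in form for form in forms):
            return f"contains personal term: {term}"
    return None

if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("Admin!", "P@ssw0rd1!", "Maria1204", "vT9#qLm2xR!cWz7p"):
        print(pw, "->", weakness(pw, personal_terms=("maria", "1204")))
```

A password that passes this check is not necessarily strong; the check only shows that decoration alone does not move a password out of the predictable set.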
With that in mind, here are some tips that might be helpful:
- No personal information: Even if the hacker doesn’t know you, it’s not hard to find names of people or objects when using programs to crack passwords;
- Use a password manager: If you want random passwords, use a program known as a “password manager” to generate them for you. The human mind, as much as it tries to be as random as possible, ends up creating predictable combinations;
- Size matters: As boring as it may sound, try to make passwords at least 16 characters long. This helps make the hackers’ job more difficult;
- Don’t use the same password for everything: This is self-explanatory, but it’s a tip that few people follow. Create a different password for each account, and never use the same one on different platforms;
- A second step helps: In addition to planning strong passwords, make use of 2-step verification apps. With them, having the password is not enough to access the profile or account.
Now that you know a little more about how passwords are discovered, let us know if you have any tips that weren’t covered in this article. It’s always nice to share knowledge!