We all know that cybercriminals hack into applications, but how can they get our passwords in the first place? They need the passwords to get into these online applications, and there are as many as nine different methods that they can use to obtain passwords.
This first method includes things such as phishing attacks. We have many blogs and videos discussing phishing attacks as they are so common and growing in popularity. They are essentially emails from a cybercriminal disguised as an email from a trusted sender, such as a business, co-worker, or even friend. They prompt the individual at risk to click a link that looks legitimate. This downloads malware onto your device and tricks you into putting in details and logins. The cybercriminal then has your login details and can hack into your account.
Hackers can buy your passwords on the dark web. This usually occurs after a significant data breach, such as 2021’s LinkedIn breach, where the data of 92% of users was stolen and sold to cybercriminals. After obtaining your data, hackers can then use it to log into your other accounts that use a similar or the same password, depending on the quality of your password security.
Another standard method of hacking is password spraying, where hackers take a generic and common password and try it against lots of different accounts until one login succeeds.
Brute Force Attacks
This form of cyber-attack is very similar to password spraying; however, the hackers take one username and try many different passwords to try and get into it.
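The difference between the two patterns shows up in failed-login records, which lets a defender tell them apart. The following is an added example, not code from the original article; the event format, thresholds and function name are assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Constructed sample of login events from one time window:
# (source_ip, username, succeeded). Addresses are documentation ranges.
SAMPLE_EVENTS = (
    # One source, one failed guess against each of eight accounts.
    [("203.0.113.7", f"user{i}", False) for i in range(8)]
    # One source, fifteen failed guesses against a single account.
    + [("198.51.100.9", "alice", False)] * 15
    # An ordinary typo followed by a successful login.
    + [("192.0.2.4", "bob", False), ("192.0.2.4", "bob", True)]
)


def classify_failures(events, spray_users=5, spray_max_per_user=2,
                      brute_attempts=10):
    """Flag spraying sources and brute-forced accounts.

    Thresholds are illustrative assumptions; tune them to your own
    baseline of normal failed logins.
    """
    fails_by_source = defaultdict(lambda: defaultdict(int))
    fails_by_user = defaultdict(int)
    for source, user, succeeded in events:
        if succeeded:
            continue
        fails_by_source[source][user] += 1
        fails_by_user[user] += 1

    # Spraying: many accounts touched, only a guess or two per account.
    spraying = {
        source
        for source, per_user in fails_by_source.items()
        if len(per_user) >= spray_users
        and max(per_user.values()) <= spray_max_per_user
    }
    # Brute force: one account absorbing many failed guesses.
    brute_force = {
        user for user, count in fails_by_user.items()
        if count >= brute_attempts
    }
    return {"spraying": spraying, "brute_force": brute_force}


if __name__ == "__main__":
    print(classify_failures(SAMPLE_EVENTS))
```

Per-account lockout catches the brute-force pattern but not spraying, because each sprayed account sees only one or two failures; that is why the check also counts distinct accounts per source.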
Hackers aren’t always mysterious criminals from the other side of the world. A hacker might be someone within your business or a member of the public in your area. People around you can easily look over your shoulder without you ever noticing and watch you type in your username, email address and passcodes, and you would be none the wiser.
Like shoulder surfing, people can steal your password by reading and memorising your password that could be written on a post-it note and stuck to your monitor or laptop screen or even written in the back of your notebook! It’s easier than you might think for people to access your accounts, and the people around you aren’t to be trusted.
A keylogger monitors your keystrokes and reports back to the cybercriminal. This can be downloaded onto your device via phishing attacks and clicking on links that download malware and/or software onto your device without you realising. Every time you type a password and username on your device, it is recorded and reported back to the cybercriminal.
A password hash is when an application scrambles your password so that it is stored securely. If a hacker were to figure out or find the hash, they would then easily be able to figure out your password and unscramble it, therefore gaining access to your account.
Hackers don’t always need to figure out or find your passwords. Often, they can guess. This is done by gathering or knowing information about your life, such as your kid’s or pet’s names, and then guessing your passwords, as many people use these important details to make passwords. It would not be difficult for the cybercriminal to discover these details as platforms such as Facebook and Instagram can reveal a lot about someone, or they might even already know you.
Now that we have covered the ways that hackers go about gaining your passwords, here are three simple but effective tips for you to follow:
- Have Complex Passwords
- Use a Password Manager
- Authorise Two-Factor Authentication
If you use all three of these tips, you will not need to worry about hackers stealing your passwords and accessing your accounts.