Password protection is the most common login and data protection tool today. There aren’t many apps, websites or ecommerce sites that don’t require you to use password protection and that’s just to name a few. It’s often the chosen method of data protection by businesses because of its inexpensive costs and simple nature. When comparing it to today’s more tech-savvy data protection tools, like facial and fingerprint recognition, it’s the vastly cheaper option. The simplicity of password protection along with the many methods of password hacking, is why hackers try their hand at breaking through password protection and accessing = personal data. 

A simple password, (for some of us, the numbers 123456, or the name of our dog), is the only thing preventing a skilled cyber hacker from accessing our personal and financial information. That being said, it is important for us to do what we can to mitigate our chances of being hacked, and to inform ourselves of the methods hackers use to steal data. In this post, we will look at some of the most common methods of password hacking, and what you can do to prevent it from happening to you. 

1. Phishing

Here, hackers disguise themselves as people you know such as family members, friends, co-workers. They typically use email or text messages to convince you they are someone you know. These emails and texts will include a link or attachment that will either download malware to your device, or prompt you to fill out a form with your personal information. To avoid this type of password hacking, be cautious when opening up email or links that seem suspicious.

2. Brute Force

Brute force as a method of password hacking, is essentially when a hacker guesses at your password with a large number of combinations to figure it out. Hackers often use software to help them generate possible passwords, that allows them to try every possible combination of letters, numbers and symbols. To decrease the chances of being hacked via brute force, choose lengthy passwords that use “passphrases”. Passphrases use numbers or symbols in place of letters in a word and include spacing in-between words. For example, Get coFF3 on mOnd0y.

3. Malware

Malware refers to a malicious software program that is downloaded to a device that is used to steal data and information. Malware is one of the most frequently used methods of cyberattack and password hacking. Malware most commonly comes from phishing emails and texts but can also come in the form of online advertisements containing malware or websites with pop-up ads and “free download” links.

4. Keylogging

Keylogging is a form of malware software that a hacker downloads to the device of a target, that will record the device’s keystrokes, allowing them to gain passwords. You can prevent this by implementing security software onto your devices that will detect any keylogging malware. Also, remember not to click on any suspicious links that may be sent to you via email or text, as they could download keylogging malware to your device. 

5. Third Party

A third-party attack refers to when a hacker gains access to your passwords and information through an outside source. For a company, this may be a partner, vendor or anyone your company works with. Hackers will often target MSPs as they likely have access to their customers’ systems. To prevent a third-party password attack on your business, use a password management system to help you manage your passwords, and access to information. You can learn more about password management systems here. Why Every MSP Needs a Password Manager (passportalmsp.com) 

6. Credential Stuffing

Credential stuffing, or list cleaning, is when hackers test lists of stolen credentials or passwords, against multiple websites and accounts to see if it’s a match. Many of us often use the same passwords for multiple accounts and hackers know this. You can prevent credential stuffing by simply having a unique password for all of your accounts and logins. This way if your password gets stolen in one place, your information on all your other accounts isn’t compromised as well.

7. Guess Work (shoulder surfing, local discovery, password spraying)

Guess work, often referred to as “password spraying”, is just what it sounds like. It’s the instance where a hacker uses commonly used passwords or the information, they know about you to guess what your password is. To prevent a hacker from succeeding in their guess work, make sure that your passwords aren’t commonly used passwords. Here is a list of the top 200 most common passwords to compare against your own.

Even with the innovations like facial and fingerprint recognition, the least expensive and most commonly used data protection tool is the password, and it’s not going away anytime soon. Begin to protect your sensitive information by being intentional with the passwords you create, only share them when necessary, and be cautious of the links, websites and ads you click on.