The assumption that passwords are safe and secure is perhaps one of the most misleading in the digital age.
Hackers are continually coming up with new ways of stealing your passwords, while refining the existing methods daily. Unfortunately, most people are unaware of how hackers steal passwords and of the fact that anyone could be a target. Static passwords can be compromised in various ways, and you need to understand the attacks before you can protect yourself against them.
Brute force refers to cyber-attacks where the hackers try to crack users’ passwords by trying possible combinations one after another. At times, hackers start with a known password that may have been leaked online and search through usernames to find a matching account, in what is known as a reverse brute force attack.
Making many password attempts directly against a web form, such as the login page of a social media account, is usually impractical. Therefore, hackers try to gain access to the internal database, where they can attempt to crack the stored password hashes for as long as they like. Brute force attackers usually use GPUs to speed up their attacks, since GPUs carry out the hash calculations much faster than CPUs.
In practice, brute force attacks rely on common password patterns instead of making blind attempts. People are prone to recurring patterns, which show up in their passwords; for instance, many people append numbers to a word, as in GreyDuke123. Using a list of common passwords and patterns is known as a dictionary attack; a rainbow table attack is a related technique that uses precomputed tables of hashes.
In the internal database, passwords are stored as the output of a hash function, a one-way function that turns any text, digital image, or file into a fixed-size fingerprint. Recovering the original password directly from its hash is infeasible. However, with a list of common passwords, the hackers can hash each candidate and look for matching fingerprints in the database. For instance, without salting, the hash of the password GreyDuke123 above would be identical in any other database that stored it, so one precomputed hash serves to find it everywhere.
Database managers should use “salting”, where each password is assigned a unique random value (the salt) that is combined with the password before hashing. The salt changes the hash so that even identical passwords in different accounts produce different hash values, and a precomputed table no longer matches. For instance, two users who both chose “Grey” would have different salts and therefore different stored hashes. As an individual, increasing the length of your password and including random characters within it make it harder for brute force attacks to succeed.
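The difference between unsalted and salted storage, as an added example that is not part of the original article: the wordlist, the password GreyDuke123 and the PBKDF2 round count are constructed for illustration, and the unsalted side uses plain SHA-256 to stand in for the article's "hash function".

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

PBKDF2_ROUNDS = 100_000  # assumed work factor; production values should be higher

# Constructed wordlist standing in for a dictionary of common passwords.
WORDLIST = ["password", "letmein", "GreyDuke", "GreyDuke123", "qwerty"]


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: the same password gives the same digest in every database."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def precomputed_table(wordlist: List[str]) -> Dict[str, str]:
    """Hash each dictionary word once; reusable against any unsalted database."""
    return {unsalted_hash(word): word for word in wordlist}


def match_unsalted(stored_hashes: List[str], table: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Look each stored digest up in the precomputed table; no further hashing is needed."""
    return {digest: table.get(digest) for digest in stored_hashes}


def salted_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """Store a per-user random salt alongside a PBKDF2-SHA256 digest of salt + password."""
    salt = secrets.token_bytes(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest.hex()


def verify_salted(password: str, salt: bytes, stored_hex: str) -> bool:
    """Recompute with the stored salt; constant-time compare avoids timing leaks."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate.hex(), stored_hex)
```

With salting, a precomputed table is useless and every candidate must be re-hashed per account with that account's salt, which is what makes the defender's work factor count.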
Phishing attacks are social engineering attacks where hackers rely on manipulating human behavior and relationships to gain access to sensitive information such as your passwords. The hackers send you a message posing as a legitimate organization or individual, which prompts you to take action and either hand over sensitive information or download malware onto your device.
For instance, the hackers would build a page that looks like your bank’s login page and send you an email asking you to confirm something in your account, such as a purchase you never made. Wanting to find out what the purchase is, you would follow the link in the email, be redirected to their fake page, and enter your login credentials to sign in.
From there, they would have your username and password and could try the same combination on other accounts where you reuse it.
A different attack would be where, instead of redirecting you to a prepared site, they ask you to download a file. The file would then install malware such as a keylogger on your device, through which they can capture all your passwords.
To protect yourself against phishing attacks, always double-check the URL of a link before visiting it, and never download an attachment before confirming the identity of the sender. If possible, create bookmarks for the sites you use and open those instead of following links sent to you.
Additionally, a password manager can help you avoid phishing attempts, since it will not recognize a fake site and so will not auto-fill your credentials there. Installing an antivirus should also help remove any malware that may have been installed on your device.
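The URL check a password manager performs before auto-filling, as an added example that is not part of the original article: the saved domain examplebank.com and the test URLs are constructed, and a real manager would derive the registrable domain from the public suffix list rather than storing it directly as assumed here.

```python
from urllib.parse import urlsplit

# Constructed saved entry: the registrable domain the login was originally saved for.
SAVED_DOMAIN = "examplebank.com"


def host_matches(candidate_host: str, saved_domain: str) -> bool:
    """True only if the host is the saved domain or a subdomain of it on a label boundary.

    Matching on a label boundary is what rejects lookalikes such as
    examplebank.com.verify.test (saved domain in the middle) and examplebank-com.test.
    """
    candidate = candidate_host.lower().rstrip(".")
    saved = saved_domain.lower().rstrip(".")
    return candidate == saved or candidate.endswith("." + saved)


def should_autofill(url: str, saved_domain: str = SAVED_DOMAIN) -> bool:
    """Decide whether saved credentials may be filled into the page at this URL."""
    parts = urlsplit(url)
    # urlsplit strips any user@ prefix, so a URL like https://examplebank.com@other.test
    # yields hostname "other.test", not the bank.
    if parts.scheme != "https" or not parts.hostname:
        return False  # plain HTTP or unparsable host: never fill
    return host_matches(parts.hostname, saved_domain)


def review_links(urls):
    """Classify a batch of links: only matching HTTPS origins are allowed."""
    return {url: should_autofill(url) for url in urls}
```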
Instead of going to the effort of stealing your information from a database or deceiving you, some hackers resort to intercepting your passwords directly from the Wi-Fi network you are using. The easiest to intercept is public Wi-Fi, with an open (unencrypted) network being an all-access pass for the hacker. All the hacker has to do is wait for you to connect to the network, and when you send your password or any other sensitive information, they can intercept it.
At first glance, Wi-Fi appears to be secure and invulnerable. However, as we learned from the KRACK attacks and the recently discovered Dragonblood vulnerabilities, it is better to be safe than sorry.
To protect against Wi-Fi hacking, avoid public Wi-Fi where possible and open networks at all costs. More importantly, install a VPN on your device, which encrypts your traffic so that it cannot be read on the local network.
Shoulder surfing is a simple but effective way for hackers to steal your passwords. As the name suggests, it is where someone looks over your shoulder as you type in your login credentials and then steals the information. If you often use your devices in public, you should be especially careful, as you are most at risk of shoulder surfing. To protect yourself, use a password manager, which automatically fills in your credentials on any site you want to access so that you do not have to type them.
You should put significant effort into password security, especially since there are so many ways it could be compromised. Focus on protecting your passwords as an individual, since there is little guarantee that the sites you use them on are secure. More importantly, you shouldn’t overlook anything; even methods that appear simple, such as shoulder surfing, can lead to password theft.