

How Hackers Crack Your Password

Living in the 21st century means that your online life is almost as important as your offline life, and being hacked is just as real as getting robbed. You would be surprised how much of your information is online: your first name, last name, address, phone number, date of birth, email address, credit/debit card information, right down to your food preferences when you order pizza online. None of this information just disappears; it is all stored indefinitely, and to a hacker it is a gold mine.

NOTE: Hacking and cracking are two different things. Hacking is making something work differently than it was intended to work. An example of hacking is SQLI (Structured Query Language Injection): instead of the website sending the command it meant to send (“check whether this username and this password exist”), a hacker injects his own text so that the command actually sent becomes something else (“give me everyone’s username and password in the database”). Cracking is different: the cracker isn’t changing how the system works but is using the system, as designed, to his or her advantage. If the website doesn’t limit how many times someone can try to log in, the cracker may try a million different usernames and passwords until one works. Cracking is usually put under the category of hacking and referred to as hacking anyway.

A targeted attack is when a hacker specifically targets you. Usually, when your account gets breached it isn’t because someone directly targeted your account; rather, they targeted a specific website and you were caught up in the mix because you had signed up for that website.

Brute-Force Method – The brute-force method involves the hacker trying every combination of numbers, letters, and even symbols until one matches your password. This method is 100% guaranteed to work eventually. The catch is “eventually”: the method can take anywhere between a few seconds and 1 trillion years, all depending on how strong your password is.

For an eight-character password, the number of combinations an attacker has to try is:

  • If your password only contains numbers = 10^8 = 100,000,000 combinations.
  • If your password only contains lowercase letters = 26^8 = 208,827,064,576 combinations.
  • If your password contains lowercase and uppercase letters = 52^8 = 53,459,728,531,456 combinations.
  • If your password contains all letters and numbers = 62^8 = 218,340,105,584,896 combinations.
  • If your password contains all characters on the keyboard = 81^8 = 645,753,531,245,761 combinations.

Protect Yourself Against This Method: Make sure your password contains at least one number, one lowercase letter, and one uppercase letter, for a total of eight characters or more (preferably more). It may seem like a bunch of hoopla, but you wouldn’t believe how many accounts are compromised because of an insecure password.

Dictionary Method – Much like the brute-force method, this method tries a large number of passwords until one works; unlike the brute-force method, however, it doesn’t try random combinations of numbers, letters, and characters. The dictionary method uses a dictionary (a list of words), which may contain things like the top 10,000 used passwords, all the countries in the world, and all known English words.

Protect Yourself Against This Method: Make sure your password not only has numbers and letters but is also unique. If your password is octopus8, it is most likely vulnerable to a dictionary attack: it is just a common word with a single digit tacked on. Here is a list of the 10,000 most common passwords; see if your password is in the list, and if it is you should probably change it.
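To make the two methods above concrete, here is an added Python example (not code from the original post) that computes the keyspace sizes from the list, estimates how long exhausting them takes at an assumed guessing rate, and applies the octopus8-style check against a small constructed stand-in for the common-password list. The guessing rate, the symbol count, and the word list are assumptions, not figures from the post.

```python
import string

# Character classes used in the post's keyspace list. The post counts 81 "keyboard"
# characters; string.punctuation has 32, so the all-keyboard alphabet here is 94.
# Note: 81 ** 8 == 1_853_020_188_851_841; the post's last figure, 645_753_531_245_761, is 71 ** 8.
DIGITS, LOWER, UPPER = set(string.digits), set(string.ascii_lowercase), set(string.ascii_uppercase)
SYMBOLS = set(string.punctuation)

# Constructed stand-in for a "most common passwords" list (not the real 10,000-entry list).
COMMON_WORDS = {"password", "123456", "qwerty", "octopus", "letmein", "dragon", "monkey"}


def charset_size(password: str) -> int:
    """Size of the smallest alphabet (digits/lower/upper/symbols) covering every character used."""
    chars = set(password)
    size = 0
    for cls, n in ((DIGITS, 10), (LOWER, 26), (UPPER, 26), (SYMBOLS, len(SYMBOLS))):
        if chars & cls:
            size += n
    return size


def brute_force_combinations(password: str) -> int:
    """Number of guesses needed to exhaust the keyspace an attacker would have to search."""
    return charset_size(password) ** len(password)


def seconds_to_exhaust(password: str, guesses_per_second: float = 1e9) -> float:
    """Worst-case time to try every combination at an assumed fixed guessing rate."""
    return brute_force_combinations(password) / guesses_per_second


def in_dictionary(password: str) -> bool:
    """Flag passwords that are a common word, or a common word with digits/symbols appended."""
    lowered = password.lower()
    stem = lowered.rstrip(string.digits + string.punctuation)  # "octopus8" -> "octopus"
    return lowered in COMMON_WORDS or stem in COMMON_WORDS


def assess(password: str) -> dict:
    """Summary a password checker could show the user before accepting the password."""
    return {
        "charset": charset_size(password),
        "combinations": brute_force_combinations(password),
        "years_at_1e9_per_s": seconds_to_exhaust(password) / (365 * 24 * 3600),
        "dictionary_hit": in_dictionary(password),
    }


if __name__ == "__main__":
    for pw in ("12345678", "octopus8", "aBcDeFgH", "Tr0ub4dor&3"):
        print(pw, assess(pw))
```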

Phishing Method – This method isn’t a form of cracking or hacking (usually), but again, all malicious acts online are usually referred to as hacking. Phishing is considered social engineering. People who are tech savvy can usually spot a malicious email, text message, or social media message immediately. Going to the spam folder on my personal email, it took me less than 10 seconds to find a malicious email.

The email in the screenshot is claiming to be from Skype and telling me to click on the link. DON’T CLICK ON THE LINK. The link could do anything from downloading malicious files onto your computer to redirecting you to a website that looks exactly like Skype (or whatever website it claims to be from) and asks you to sign in. First, check the “From” email address: if it’s genuinely from Skype it should come from a Skype address, whereas this email was from a bunch of random numbers and letters @ a random website. Also, if you do click on the link, make sure the website is in fact Skype. Look at the URL; it should be Skype’s and nothing else. As soon as you sign in, your username and password are saved by whoever runs the fake site, and the page will say that your username and password are incorrect. Change all your passwords if this happens. The email might also say that you won some money, or that a distant relative died and you are to receive a huge amount of money. It’s not just emails either. The websites may send a message to all of the person’s friends on Facebook or other social media sites (without the person’s knowledge) saying “Hey (your name), go check out this website: (website), it’s hilarious!” and since it is coming from your friend you click on it, and then the website sends the message to all of your friends, and so on and so forth.

Protect Yourself Against This Method: First, make sure you have a good spam filter; this is your first line of defense. Second, look at the “From” email: if it isn’t (name, usually noreply)@(website the email claims to be from), don’t pay attention to it and mark it as spam. If the email is saying something that seems too good to be true, it probably is. Don’t reply trying to get more information; that tells the person who sent the message that your email is active, and they will try to trick you again in the future. Be careful of links, files, pictures, videos, etc. These may contain viruses or something you wouldn’t want to see. If you get a message from your friend on Facebook telling you to click on a link, reply and ask, “(name), did you send me that message?” If they reply and say yes, they did, then it’s probably okay. If you want to be sure, ask them your dog’s name or something only they would know.
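The two checks the post recommends, the real “From” address and the real link host, as an added Python example that is not from the original post. It assumes skype.com as the genuine domain (the post does not name the address) and uses constructed sample header and link values; the display name is ignored on purpose, since anyone can set it to “Skype”.

```python
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed samples modelled on the post's description (not the author's actual email).
SAMPLE_FROM = '"Skype" <x7k2q9@randomsite.example>'
SAMPLE_LINK = "http://skype-login.example/verify"


def sender_domain(from_header: str) -> str:
    """Domain of the actual address in a From: header; the display name is ignored."""
    _, addr = parseaddr(from_header)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def link_host(url: str) -> str:
    """Host part of a link, which is what the browser will really connect to."""
    return (urlparse(url).hostname or "").lower()


def belongs_to(host: str, expected_domain: str) -> bool:
    """True only for the domain itself or a subdomain (login.skype.com); lookalikes such as
    skype.com.evil.example or skype-login.example fail."""
    host, expected_domain = host.lower(), expected_domain.lower()
    return host == expected_domain or host.endswith("." + expected_domain)


def phishing_indicators(from_header: str, url: str, expected_domain: str) -> list:
    """Reasons to treat the message as phishing; an empty list means both checks passed."""
    problems = []
    if not belongs_to(sender_domain(from_header), expected_domain):
        problems.append("sender address is not from " + expected_domain)
    if not belongs_to(link_host(url), expected_domain):
        problems.append("link points to " + link_host(url) + ", not " + expected_domain)
    return problems


if __name__ == "__main__":
    # Assumed genuine domain for the brand the sample claims to be from.
    print(phishing_indicators(SAMPLE_FROM, SAMPLE_LINK, "skype.com"))
```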

In conclusion, there are so many ways that a hacker/cracker can get your information that you can’t be 100% sure your information is safe. What you can do is make it a lot harder for someone to get your information, and be smart while you’re browsing the internet. Your online presence is almost as important as your offline presence. Just as you wouldn’t go out after a certain time, or would carry pepper spray, to keep yourself safe offline, it’s just as important to keep yourself safe online. As always, be careful what information you put online and stay tech smart.

About Varand Abrahamian

Self-taught computer programmer. Learned my first computer language when I was nine years old.