Password hacking is so rampant these days that the next breach is just waiting to happen. It is frightening that the big companies spending thousands of dollars on password security are some of the biggest victims of the attacks. That alone could make the average user give up any and all hopes of ever protecting themselves against these hackers.
If that is you, all that ends today.
How about we show you the inner workings of a standard hack – and how to make sure you are not caught out on rainy days?
Knowing Your Hackers
Perhaps the biggest mistake people make is not underestimating their hackers, but overestimating them. While doing so would have made sense in most other settings, it is counterproductive here.
When the word ‘hacker’ is used, many users tend to think along the lines of a computer guru with a very high IQ, probably a graduate of one of the Ivy League or other top schools in the world.
Such thinking will do you more harm than good. After all, if all hackers were like that, you would be well convinced that such a high-profile individual has no business with your Facebook account – or any other account for that matter.
In reality, a hacker could be a 15-year-old middle school kid with access to the dark web where they can get some password hacking tools. These tools don’t need to be as sophisticated as the elaborate setup you see in movies but just functional enough to get the job done, and they are cheap too.
So, if anyone and everyone can get their hands on these tools, they can come after just about any account you have at all.
Now that you know who your hackers are…
How Do Hackers Compromise Your Devices/Accounts?
Do you think hackers have to manually try different passwords on your devices and/or accounts before they get in? If that was the case, we would not be seeing a lot of data breaches at all.
Something common to all of them is that they usually rely on the speed and power of their computers. What is not common to all of them is the unique way they go about the hack.
We have compiled some of the common hacking methods out there today, and explained them below:
We are starting with the dictionary attack since that is what most hackers would also begin with when breaching accounts and devices.
As the name implies, it relies on using the words in the dictionary to guess what your password will be. In this case, the hacker feeds their hacking algorithm a dictionary file so that the computer gains knowledge of all the possible words in the language being targeted for the hack. The computer then starts running millions of words in the dictionary in many different combinations.
This means the algorithm will try all of:
● Single words
● Multiple words
● Clauses and
● Phrases, to mention but a few.
We don’t need to spell out what kinds of passwords this approach will attack. If you have been thinking that the 7-word long phrase you have for a password is the most security you need, now might be the best time to rethink that decision.
The hybrid attack belongs just under the dictionary attack because of users who get creative when choosing their passwords. Hybrid attacks also take their root from dictionary attacks.
Users have become versed with letter and number substitutions these days. People also have a habit of including not only numbers but special characters into their passwords. That is where you get passwords like ‘iloveyou88,’ ‘daddyis70nextyear,’ ‘p@ssw0rd’ and so much more.
With standard dictionary attacks, these passwords would be untouchable since they are not normal spellings. With hybrid attacks, though, these passwords are as naked as can be.
The aim of hybrid attacks is to combine special and numerical characters with normal words which can be found in the dictionary. A standard computer has enough processing power to run many such combinations in a short time, and there is no telling what a supercomputer would do.
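Seen from the defender's side, the same idea becomes a password check that rejects anything a hybrid guess would reduce to a dictionary word. This is an added example, not part of the original article; the wordlist and the substitution map are small constructed samples.

```python
import re

# Constructed sample wordlist; a real check would load a large dictionary
# or breached-password list instead.
WORDLIST = {"password", "iloveyou", "september", "dragon"}

# Common character substitutions that a hybrid guess undoes (assumed mapping).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "7": "t", "!": "i"})


def candidate_roots(password):
    """Yield the base words the password could reduce to."""
    lowered = password.lower()
    # Drop digits and symbols added before or after a word ("iloveyou88").
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    for form in (lowered, stripped):
        yield form
        yield form.translate(LEET)  # undo substitutions ("p@ssw0rd")


def hybrid_guessable(password):
    """Return the dictionary word behind the password, or None if none found."""
    for root in candidate_roots(password):
        if root in WORDLIST:
            return root
    return None


if __name__ == "__main__":
    for pw in ("iloveyou88", "p@ssw0rd", "September2001", "vT9#qLx2!mZe"):
        print(pw, "->", hybrid_guessable(pw))
```

A sign-up form can call `hybrid_guessable()` and refuse any password for which it returns a word.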
Almost everyone with a working email address has been targeted by a phishing scam. Besides being one of the most common attacks, accounting for over 90% of all data breaches, it also happens to have the highest success rates.
Here’s how it works:
The hacker creates an email which looks just like it is from a legitimate organization, and they include a link with such emails.
They could impersonate your bank, office, business partners or any other sensitive personnel that you would normally trust when composing this email. The link they send you will also lead to one of the websites you normally use – or so you think. In reality, what you are seeing is not the website you are used to but a lookalike designed to fool you.
Once you enter your login details on such websites, the hacker gets the information and can access the actual account on the actual website. This is an elaborate scam that is usually as brilliant as it is deadly.
Man in the middle attack
Think about making a call from a landline in the home that is linked to every other phone outlet in the home. Whenever someone is making a call from one part of the house, another occupant of the same house could pick up a receiver at another end and listen in on the same conversation.
That is the concept behind the man in the middle attacks.
In this case, the phone connection is a Wi-Fi connection, most likely a public Wi-Fi network. These networks lack encryption, allowing hackers to set up shop on them – which also allows them to get in the middle of your conversations.
Your computer (phone or laptop) serves as the main receiver while the hacker’s computer serves as the listening phone. When you try to do anything on the internet – communicate with someone, buy stuff online, check emails, etc. – the hacker is also getting a copy of this activity on their end.
Even if they don’t hijack your conversation at that point, they could learn more about you than you would have revealed. Tapping into private conversations could allow the hacker to impersonate you, or to retrieve a piece of information to blackmail you.
In another instance, they could steal your passwords and credit card details if you use any of those while on the network.
No matter how you look at it, it doesn’t end well.
Brute Force Attacks
If there were a game of brains versus brawn in hacking technology, brute force attacks would win the brawn battle every time. This approach is the least subtle way of hacking any password, and it gives all it can to make sure an account cracks.
In reality, a brute force attack could be likened to breaking down a door with a battering ram rather than trying to gently pick the locks.
Enough descriptions. How does this really work?
Brute force tries all the possible characters in the alphabet with all the known symbols and numeric characters too. This is the password attack that can succeed where others have failed, so no one is safe from it at the end of the day.
However, you would not see many hackers using this approach due to the sheer time and resources needed to ensure its success.
Can you prevent your passwords from getting hacked?
Getting through those five is surely going to give anyone who cares about their security some scare. It almost seems like no matter what kind of password you choose, there is a dedicated method to hacking it.
Truth be told, you have to give it to these hackers for trying so hard at all.
What we should probably get out there as fast as possible is that there is truly no password that cannot be hacked. As long as it contains characters of any kind, a computer can run through the many possible combinations and find it out.
That is surely some bad news. Guess what, though? There is good news.
When we say no password is inherently invincible, that is relative. While you would be able to crack some passwords in mere minutes, some will take several years to crack. To put that in another way, hackers will take years – with the fastest computers – to crack some passwords.
We don’t know about you, but the hacker will be better off trying other accounts with weak passwords than staying on that single one for multiple years.
Thus, while that password is not invincible (since the hacker could have gotten it after many years if they could have waited), it can be termed uncrackable. That is the kind of password you want!
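To put numbers on "minutes versus years", the sketch below estimates how long an exhaustive brute force search would take for a given password, and generates a random one for comparison. It is an added example, not part of the original article; the guess rate is an assumed figure, and the result only describes pure brute force, since a password built from dictionary words falls to the dictionary and hybrid attacks far sooner.

```python
import secrets
import string

# Assumed attacker speed, for illustration only; real rates depend heavily
# on how the service stores passwords and on the attacker's hardware.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600

# Character pools an exhaustive search has to cover.
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)


def alphabet_size(password):
    """Total size of the character pools that the password draws from."""
    return sum(len(pool) for pool in POOLS
               if any(c in pool for c in password))


def brute_force_years(length, alphabet, rate=GUESSES_PER_SECOND):
    """Years needed to try every string of this length over this alphabet."""
    return alphabet ** length / rate / SECONDS_PER_YEAR


def years_for(password, rate=GUESSES_PER_SECOND):
    """Worst-case brute force time for one specific password."""
    return brute_force_years(len(password), alphabet_size(password), rate)


def generate_password(length=16):
    """Random password drawn from all pools with a cryptographic RNG."""
    pool = "".join(POOLS)
    return "".join(secrets.choice(pool) for _ in range(length))


if __name__ == "__main__":
    for pw in ("iloveyou88", "p@ssw0rd", generate_password()):
        print(f"{pw!r}: about {years_for(pw):.3g} years of pure brute force")
```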
Employing password best practices
Now that you know all the above, here are some tips to help you get that uncrackable password while also keeping your accounts/devices safe on other fronts.
● Use unique passwords – Setting unique passwords for each and every account you have is not just for the fun of it. That is how you ensure a single attack doesn’t snowball into bigger problems for you. Putting things in context, a single password across multiple accounts means a hacker now has access to not only the account they breached, but every other one with the same login details.
● Never use password variations – Just because we asked that you set different passwords for different accounts doesn’t mean you should use variations of the same login details. That means you don’t get to use ‘September2001,’ ‘September2002,’ ‘September2003’ and such for three different accounts and call it a day. In the end, all three are almost the same thing and would be found out just the same way. That leads us to the next point.
● Use password generators – The human mind is very powerful, but it can also be very predictable. That is why you would naturally be drawn towards words, phrases, and numbers that mean something to you when creating passwords. That makes it easy for hackers to get your password too. To get out of this bind, employ online password generating software to create strong passwords for your accounts. These tools are free to use, and they create new passwords at the click of a button. You can generate hundreds of highly secure, uncrackable passwords with them in mere minutes.
● Download password managers – There is no way you would use password generators, keep to a single password per account and still think you would remember all that. Since you don’t want to always have to click on the ‘Forgot Password?’ button, a password manager will do wonders for you. You get to store all your passwords and access them wherever you want to log in to any of your accounts.
● Restrict password trials – Most accounts (offline and online) now come with a feature that allows you to restrict the number of wrong login attempts that could happen on them. When this is not automatically incorporated by the provider of the app/website/platform, there is usually an option to do it yourself. On enabling this feature, your account goes on total lockdown if someone tries the wrong password a set number of times. This is a great way to keep brute force attacks far from your account.
● Download a VPN – Getting onto public Wi-Fi networks should be a no-no for you. If you must, a VPN will be your best friend. Due to the tunneling feature built into VPNs, your internet data is passed through a ton of servers which act as tunnels so that only your computer (the source server) and the app/website/platform you are accessing (the target server) can read your internet traffic. Anyone trying to snoop on your data will get lost in the data trail, keeping you away from man in the middle attacks.
● Download an antivirus – Antivirus software will help protect you against malicious software in apps and files which could be used to silently gather sensitive data about you. These antivirus scanners will also run through your emails before you open them so you don’t fall victim to malicious links and files they could contain.
Note that the scanners won’t always catch everything, so you have to be vigilant too. Don’t forget to always update your antivirus software so that it stays up to date with current virus definitions too.
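The "restrict password trials" tip above describes a lockout on the service's side. The sketch below shows that logic as an added example, not part of the original article and not any particular provider's code; the class name, limits and account names are hypothetical.

```python
import time


class LoginThrottle:
    """Lock an account after too many consecutive wrong passwords."""

    def __init__(self, max_failures=5, lockout_seconds=900,
                 clock=time.monotonic):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock          # injectable so the lock can be tested
        self.failures = {}          # account -> consecutive wrong attempts
        self.locked_until = {}      # account -> time at which the lock ends

    def is_locked(self, account):
        return self.clock() < self.locked_until.get(account, float("-inf"))

    def attempt(self, account, password_ok):
        """Record one login attempt; return 'ok', 'denied' or 'locked'."""
        if self.is_locked(account):
            # While locked, even the correct password is refused, so a
            # guesser learns nothing from continuing to try.
            return "locked"
        if password_ok:
            self.failures.pop(account, None)
            return "ok"
        count = self.failures.get(account, 0) + 1
        self.failures[account] = count
        if count >= self.max_failures:
            self.locked_until[account] = self.clock() + self.lockout_seconds
            self.failures.pop(account, None)
        return "denied"


if __name__ == "__main__":
    throttle = LoginThrottle(max_failures=3, lockout_seconds=60)
    for _ in range(3):
        print(throttle.attempt("alice", password_ok=False))
    print(throttle.attempt("alice", password_ok=True))  # locked
```

A lockout like this only limits guessing against the login form itself; it does not slow down guessing against password data that has already been stolen from a service.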