The 5 Most Common Tactics Used To Hack Passwords


When you think of a serious security threat, you may think of some clever malicious program that steals your data or takes over your computer. In reality, you’re just as (if not more) likely to be hit by a much simpler breach – a hacked password.

Once someone has your password for an online account, they can use it however they like. There are a number of methods commonly used to obtain a password, and knowing them can help you protect yourself.

Trying Common Passwords


Any hacker trying to break through a password will first try the most common passwords in the book. Silly though it may seem, a disturbingly large number of people rely on passwords that consist of just a few common numbers or letters. Even the word “password” is commonly used as a password.

Hackers know this, and can reference common passwords to try and gain entry. Though it won’t work on most passwords, it works frequently enough to be worth a try. If successful, the hacker can lean back and sip his Mountain Dew.

How to Protect Yourself: This one is simple. Don’t use common passwords. This includes single words, popular phrases, and simple combinations of a particular character type (like numbers). Even passwords like “superman” and “dragon” are common enough to earn mention in some studies of commonly used passwords.


Social Engineering


If commonly used passwords don’t work, and a hacker knows the owner of the password they’re trying to bypass, social networking can be used to try and figure out what the password might be.

Hackers know that people who don’t use common passwords are still likely to use passwords that have some personal significance. The password might be the name of a pet or a favorite TV show. Such information is often included on a social networking profile.

Should trying this tactic still not work, the information available on a social network can be used to construct phishing attacks. Perhaps the target lists that they play a popular online game. A fake email could then be sent asking for password information or linking to a site where password information must be entered.

How to Protect Yourself: There are two steps you can take here. One is to make your social network private to people who are not your friends, and the second is to make sure that you don’t use information about your personal life to form a password.

The Weakest Link


Should a hacker still fail to guess a password, they’ll have to start breaking out some true hacking skill – but perhaps not much. Most people use the same password on multiple sites, and many use just one password for everything. Hackers know this, and they also know that many sites have weak security.

Using the information found while reviewing your social networking profiles, a hacker may be able to identify sites you visit. Some are sure to be heavily guarded. Others, however, probably aren’t. They may be vulnerable to simple exploits that allow for the retrieval of stored passwords, and the owners may never even realize they were hacked. Alternatively, a brute force attack might be used.

How to Protect Yourself: Don’t use a single password for every website. Ideally you should use a different password for every site, but that can be difficult. A compromise you might find effective is to use the same password for low security risks, like a blog you visit and comment on, but use unique passwords to protect more important accounts, like your web mail. Yet another option is to use a password manager.

Sniffing Wi-Fi Packets


Open wireless networks can be a nasty security issue because they are – well – open. Information transmitted on them can be picked up by anyone within range of the network, and that includes passwords.

Wi-Fi sniffing can be utilized either personally or impersonally. If someone is trying to hack your passwords specifically, they might see if you frequently visit a place with open Wi-Fi, like a coffee shop. Or a hacker might just set up an operation in such a location and pick up as many passwords as possible.

How to Protect Yourself: One answer is to just not use open Wi-Fi, but that’s not a realistic expectation for everyone. If you do use open Wi-Fi, make sure that you do not log in to sensitive accounts. If you have varied your passwords, you’ll be safe if a hacker obtains your less sensitive passwords. Also use HTTPS whenever possible. Many sites can use it, but some offer it only as an option.

Keylogging


Like sniffing Wi-Fi, keylogging can be used personally or impersonally. Using information gained about you while attempting to guess your password, a hacker might find a way to send you a file that you think is legitimate but actually contains a keylogger. Once installed, it can detect your passwords as you enter them.

A keylogger can also be installed as a part of any piece of malware to hack passwords. The information can then be transmitted to a location where it is compiled and passwords found. Such wide-scale keylogging attacks don’t focus on any particular person, but can be just as damaging.

How to Protect Yourself: Security software can help detect keyloggers and prevent them from being installed on your system. You can find effective solutions for free, so there’s no reason to skip it.

Conclusion

Do you have any tips that can help beef up password security? Let us know in the comments. Makeuseof readers are likely to be a bit more security-aware than the average, but nobody is perfect. Sharing information can help us keep our passwords as strong as possible.


5 Comments


Sheila Warner

Always check for password strength before using them for your accounts. A combination of upper case, lower case letters including numbers and special characters is a must. Other than that, use an anti-logger, personal keyscrambler and a browser protection plugin that prevents hijacking.

Jeff Fabish

Keyscrambler is a good utility, but highly fallible. KeyScrambler works by using a driver-intercept on the Windows kernel to encrypt keypresses just after the TranslateMessage() function is called. TranslateMessage is responsible for taking peripheral device input and assigning it an ID so that Windows knows what key the user pressed. If malware manipulates the message, keyscrambler is completely useless. 64 Bit Windows users are immune to this attack, as it doesn’t allow the Windows kernel to be patched.

Likely? Not unless the programmer had a detailed understanding of Win32 programming, which most don’t. Most keyloggers are downloaded from underground forums, modified slightly (to offset anti-virus signatures) and bound to a trusted application.

You can detect a bound application several ways, the easiest of which is to download the software directly from the author’s site and compare the file’s hash with the original. If they don’t match, something was modified.
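The hash comparison the comment above recommends is easy to script. The following is an added example (not code from the commenter or the article): it hashes a download in chunks, compares the result with the published digest in constant time, and, in `demo()`, shows a pristine file passing and a copy with extra bytes appended failing. The file contents and the “published” digest in the demo are constructed for illustration.

```python
"""Verify a downloaded file against the digest the author publishes.

Added example. The installer bytes and the "published" digest in demo()
are constructed stand-ins; in real use the digest is copied from the
author's web site (fetched over HTTPS) and the file is the actual download.
"""
import hashlib
import hmac
import io
import os
import tempfile


def _digest_stream(stream, algorithm="sha256", chunk_size=1 << 16):
    """Hash a binary stream in chunks so large installers need not fit in memory."""
    h = hashlib.new(algorithm)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def file_digest(path, algorithm="sha256"):
    """Hex digest of the file at `path`."""
    with open(path, "rb") as fh:
        return _digest_stream(fh, algorithm)


def bytes_digest(data, algorithm="sha256"):
    """Hex digest of an in-memory byte string (same chunked logic as file_digest)."""
    return _digest_stream(io.BytesIO(data), algorithm)


def verify_download(path, published_hex, algorithm="sha256"):
    """True only if the file's digest equals the published one.

    The comparison is case-insensitive and uses hmac.compare_digest so the
    result does not leak how many leading characters matched.
    """
    actual = file_digest(path, algorithm)
    return hmac.compare_digest(actual.lower(), published_hex.strip().lower())


def demo():
    """Constructed demo: an 'original' download and a modified copy of it."""
    with tempfile.TemporaryDirectory() as tmp:
        original = os.path.join(tmp, "installer.exe")
        modified = os.path.join(tmp, "installer_modified.exe")
        # Constructed payload; only its bytes matter for the comparison.
        payload = b"MZ" + b"\x00" * 64 + b"legitimate installer body"
        with open(original, "wb") as fh:
            fh.write(payload)
        with open(modified, "wb") as fh:
            fh.write(payload + b"extra bytes appended to the copy")
        # Stand-in for the digest printed on the author's download page.
        published = file_digest(original)
        return verify_download(original, published), verify_download(modified, published)


if __name__ == "__main__":
    ok_original, ok_modified = demo()
    print("original verifies:", ok_original)
    print("modified verifies:", ok_modified)
```

The check is only as trustworthy as the source of the published digest: if it is read from the same mirror that served a tampered file, an attacker who swapped the file can swap the digest too, so take it from the author’s own site over HTTPS (or from a signed release note), and prefer SHA-256 over MD5 or SHA-1.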


Matthew Ashman

Regarding keylogging, a good ploy is to type your password into a new plain text file (using Notepad/GEdit/Kate/whatever) when you start your session, then copy+paste each time you need it, and obviously not save the file when you exit your session…

Jeff Fabish

Either way, it will have been typed and the keylogger will have recorded it. Moreover, most keyloggers have a peek-clipboard ability, where it can view what’s in the clipboard.


Jeff Fabish

Good article, Matt!

On open WiFi hotspots, you can also use a vpn to encrypt your traffic.

Blackhats may use ‘password lists’ or ‘dictionaries’ which contain passwords that hackers have had success with. Anyone can download these lists (they can be quite large); I suggest everyone does so, then compares the password that they are using to that list. If it’s on that list, your password is vulnerable to this attack. There are several tools that will run your password through this check.

I can’t stress enough how important it is to limit the information you expose on your profile. Simple things like when someone you don’t know messages you asking you what time it is. Sounds innocent enough, right? Well that can be used to pinpoint your location via your time zone. Remove ‘friends’ you don’t speak with and applications you don’t use.

The easiest method to get someone’s password is by using a trojan. People are still too trusting when it comes to opening & running applications. Only download applications from websites you trust and scan all the files you download with your local anti-virus/anti-malware along with an online scanner, such as Virus Total or Jotti. If you run Windows default configuration, showing file extensions for known file-types is disabled. What this means for you is that Windows will show a file as being “Image.jpg” (not an executable) when in reality it may be “Image.jpg.exe” (executable).
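The advice in the article’s “Trying Common Passwords” section (don’t use single words, one character type, or entries from the well-known lists) and the list comparison suggested in the comment above can both be checked offline. The following is an added example, not code from the article or any commenter: `weaknesses()` reports why a candidate password is weak, including the simple leetspeak and trailing-digit variants that crackers try alongside the plain list, and the optional `personal` facts model the social-engineering section’s point about pet names and favourite shows. The common-password set here is a small constructed sample standing in for a downloaded list; `load_list` assumes a plain text file with one password per line.

```python
"""Check a candidate password against a common-password list and the weak
patterns the article warns about. Added example; COMMON_PASSWORDS is a
constructed sample, not a real leaked-password list.
"""
import re

# Constructed sample of the kind of entries found in published lists.
# A real check loads a full list with load_list().
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "qwerty", "abc123",
    "letmein", "superman", "dragon", "iloveyou", "monkey",
}

# Leetspeak substitutions crackers undo when generating variants.
LEET = str.maketrans("@$01!3", "asoiie")


def load_list(path):
    """Load a one-password-per-line text file into a lower-cased set."""
    with open(path, encoding="utf-8", errors="ignore") as fh:
        return {line.strip().lower() for line in fh if line.strip()}


def weaknesses(password, common=COMMON_PASSWORDS, personal=()):
    """Return the reasons a password is weak; an empty list means none were found.

    `personal` is an iterable of facts (pet name, show, birthday) that could be
    read from a social profile; any one of four or more characters found in
    the password is reported.
    """
    reasons = []
    lowered = password.lower()

    if lowered in common:
        reasons.append("appears in the common-password list")
    else:
        # Strip appended digits, then undo leetspeak, so "P@ssw0rd1" and
        # "Dragon2014" are recognised as variants of list entries.
        stem = re.sub(r"\d+$", "", lowered).translate(LEET)
        if stem in common:
            reasons.append("is a trivial variant of a common password")

    if len(password) < 8:
        reasons.append("is shorter than 8 characters")

    classes = sum(
        bool(re.search(pattern, password))
        for pattern in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    )
    if classes == 1:
        reasons.append("uses only one type of character")

    for fact in personal:
        if len(fact) >= 4 and fact.lower() in lowered:
            reasons.append(f"contains personal information ({fact})")

    return reasons


if __name__ == "__main__":
    # Constructed candidates and a constructed "profile" of personal facts.
    profile = ("Fluffy", "Lost")
    for candidate in ("superman", "P@ssw0rd1", "Fluffy2019!", "correct horse battery staple"):
        found = weaknesses(candidate, personal=profile)
        print(f"{candidate!r}: {found or 'no weaknesses found'}")
```

To run it against a real list, replace the default with `common=load_list("path/to/list.txt")`; the lists are large, so a set lookup keeps the check instant. The variant check deliberately catches only the simplest transformations, which is enough to show that a capital letter and a trailing digit add nothing to a word that is already on the list.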
