How hackers steal passwords

Most people understand the need to have strong passwords, though a large number, seemingly with bloody-minded intent, insist on using passwords that are frighteningly easy to crack.

With this in mind, here are some common methods hackers use to steal passwords. For those of you who haven’t got around to using strong passwords, what follows might make you sit up straight and get cracking on creating them.

Mass attacks

You’re no doubt familiar with the almost steady stream of news about how company XYZ had its database hacked or organisation ABC left a door open for hackers to walk right in and walk back out again with an armful of personal data.

Typically this type of information includes names, addresses, passwords and so on. Most organisations when storing this data will ‘hash’ or ‘salt’ their databases. This means the data is scrambled. Sounds good, right?

Well, actually no. Hash combinations tend to be universal: the same password run through the same hash function always produces the same output. For instance the password ‘12345’ when hashed becomes ‘df6f58808ebfd3e609c234cf2283a989’. Now you might think this is robust, but unfortunately hackers have a range of tools that enable them to crack hashed passwords.

Some hackers use computers that can try over 300 billion hash combinations every second so that ‘robust’ hash suddenly looks seriously vulnerable.
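The "universal" hash problem described above, next to the per-user salt and slow hash that counter it, shown as an added example that is not part of the original article. MD5 as the fast hash, PBKDF2-HMAC-SHA256, the iteration count and the three sample accounts are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor; tune to your own hardware budget

def unsalted_md5(password):
    """Weak scheme: a fast hash with no salt, so equal passwords collide."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def hash_password(password):
    """Hardened scheme: random per-user salt plus a deliberately slow hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    iterations, salt_hex, digest_hex = record.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def shared_password_groups(table):
    """Accounts whose stored values are identical, i.e. visibly the same password."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)

def build_tables():
    """Store the same constructed accounts under both schemes."""
    accounts = {"alice": "12345", "bob": "12345", "carol": "T7#rv!pQ2z"}
    weak = {user: unsalted_md5(pw) for user, pw in accounts.items()}
    strong = {user: hash_password(pw) for user, pw in accounts.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables()
    # Unsalted: alice and bob share a digest, so one precomputed entry exposes both.
    print("unsalted duplicates:", shared_password_groups(weak))
    # Salted: every record is unique, so each account must be attacked separately.
    print("salted duplicates:  ", shared_password_groups(strong))
    print("login check:", verify_password("12345", strong["alice"]))
```

The salt is stored in the clear beside the digest; its job is to make every record unique, while the iteration count is what slows down each guess.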

A lot of stolen database information ends up for sale on the dark web. Fraudsters buy up this information, run their cracking software and recover the password details.

Phishing attacks – fake websites

Cyber fraudsters are a deeply devious bunch. One of their favoured tricks is to set up a website that looks like the real deal, such as your bank or a well-known retail site. For instance, you receive an email purportedly from your bank asking you to follow a link.

If you follow the link through to a website and enter your password it’s immediately stolen. Cunningly, once you have entered your information and it has been captured by the fraudsters, you are then often redirected to the legitimate site.

Phishing attacks – trojans

This is a variation on the above method. You receive an email promising untold riches or life after death, or at least something that compels you to open an attachment. If you click the ‘intriguing’ attachment, unknown to you a key-stroke logger is downloaded into your browser.

Every detail you then type into a webpage, including usernames and passwords, is recorded and sent to the hacker.

Brute force attacks

If a hacker gets your email address you might not think it’s a problem. After all, what’s an email address without a password? Well, to hackers it’s both a key and a door. All they need to do to find your password is apply brute force cracking tools. These can be downloaded freely and, given that ‘123456’ is still the most common password on the planet, most passwords can be cracked with alarming ease.

Public Wi-Fi monitoring

There’s a simple thing you need to know about public Wi-Fi – data is not encrypted, so in theory hackers can see everything you do. If you have logged into an account your password could already have been stolen. Wi-Fi traffic monitoring is a simple attack; a hacker uses an application that can easily be downloaded from the internet for free to watch all traffic on a public Wi-Fi network. Once you enter your username and password, the software notifies them and the hacker intercepts the information. It’s as simple as that.

How to protect yourself

  • Clearly the golden rule is to use strong passwords: ten or more characters and a combination of upper and lower case letters, symbols and numbers.
  • These types of passwords will defeat ‘hash’ cracking methods and brute force techniques.
  • Don’t carry out sensitive transactions, such as banking or making online purchases, on public Wi-Fi.
  • Use security software like BullGuard Internet Security. This multi award-winning protection flags up phishing attempts, identifies malicious websites and stops malware downloads such as keystroke loggers.

Written by Steve Bell

Steve has a background in IT and business journalism and has written extensively for both the UK national and trade press including The Guardian, Independent-on-Sunday, The Times, The Register, MicroScope and Computer Weekly. He's also worked for most of the world's largest IT companies producing content. He has a particular focus on IT security and has produced several magazines in this area.
