
Understanding How to Keep Hackers Away from Your Passwords

Almost every day, we hear of an incident where a hacker, or a group of them, gets hold of some passwords and breaches accounts. The rate at which these attacks are happening is going through the roof, and end users are not helping matters with poor password and cybersecurity practices either.

That is not a discussion for today though. Or is it?

If you have always wondered how these hackers get into the accounts they breach, this is the piece you have been looking for.

Understanding the Hacking Game

There are diverse approaches to hacking an account. The approach a hacker takes depends on the level of hack they are trying to pull off, the people they are targeting, and the sophistication of the hacker themselves.

Below are the most common hacking techniques out there today:

1 Phishing Attacks

We are starting with phishing attacks since they are the most common form of all data breaches out there. Even though they have been around for a long time, it is still surprising that they account for more than 90% of all password hacks and cybersecurity breaches.

A hacker usually begins this attack by sending a seemingly harmless email to their targets. This email is made to look like it comes from a legitimate organization or person so that the target gets more interested.

More often than not, the hacker will shape the email to look like it comes from a service (bank, website, app, etc.) which the targeted user is associated with.

Alongside the email comes a link which leads the target to a website made to look like one the potential victim recognizes. The website asks the target to enter their login details – and they do so, thinking they are logging in to their actual accounts on the actual service.

What the target doesn’t know is that their login details go directly to the hacker who can then use such details to enter the victim’s actual account.

2 Dictionary Attack

This attack works best against people who believe in using passphrases. No matter how long the passphrase is, the dictionary attack only needs time to crack it.

An algorithm is fed a file that contains all the words in the dictionary – which is essentially all the words you could have used in that passphrase too. The computer then runs through all possible words, word combinations, sentences and clauses to find the unique order of words you have used.

Longer passphrases will take some time to hack, but they are not invincible against these trials.

3 Hybrid Attack

We cannot talk about dictionary attacks and not mention hybrid attacks. These password hacking techniques exist for the sole reason of catching people who put symbols and numerical characters in their passwords, rather than pure words.

Passwords like ‘iloveyoukate88’ will not be cracked by ordinary dictionary attacks, but hybrid attacks will take care of those. After all, they will try all possible combinations of symbol and numerical substitutions with the dictionary words to make sense of your password.
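The same reasoning can be turned into a sign-up check that refuses passwords a hybrid attack would reach. The following is an added example, not part of the original article; the tiny wordlist and the substitution map are constructed for illustration, and a real deployment would load a large dictionary plus names and known breached passwords.

```python
import re

# Constructed mini wordlist (assumption for the example only).
WORDS = {"i", "love", "you", "kate", "password", "dragon", "summer", "admin"}

# Common character substitutions, mapped back to the letters they replace.
UNLEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                        "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def splits_into_words(text, words=WORDS):
    """True if text can be cut into a sequence of dictionary words."""
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words
            for start in range(end)
        )
    return reachable[-1]


def is_dictionary_based(password, words=WORDS):
    """Flag passwords that are dictionary words plus predictable decoration."""
    lowered = password.lower()
    # Drop leading/trailing digits and symbols, e.g. "kate88" -> "kate".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    # Try the password with and without the decoration, and with the
    # substitutions undone, e.g. "p@ssw0rd" -> "password".
    candidates = {core, core.translate(UNLEET), lowered.translate(UNLEET)}
    return any(c and splits_into_words(c, words) for c in candidates)


if __name__ == "__main__":
    for pw in ("iloveyoukate88", "P@ssw0rd!", "q7#Lm2vX9$tRw4zK"):
        verdict = "reject" if is_dictionary_based(pw) else "accept"
        print(f"{pw!r}: {verdict}")
```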

4 Brute force attack

As the name suggests, this is not a hacking attempt that has come to play around. Because of the resources and time brute force attacks need to run, though, they are usually the tools of sophisticated hackers only.

What a brute force attack does is take into consideration all the letters of the alphabet, known symbols, and numerical characters, among other things. The computer runs through all the possible combinations of these characters, in varying lengths, to find the ‘unique’ password you have on that account.

5 Rainbow table attack

One common password mistake is thinking big companies will always keep your password safe. If you ask Yahoo, which lost 3 billion accounts to hackers, you would know that is not always the truth.

Truth be told, these big companies try their best to keep your passwords safe. They do this by storing your password info in the form of computer-generated codes (called a hash) rather than plain text. The hash bears no resemblance to your actual password either, neither in characters nor in length.

That makes it impossible for a hacker with access to your hash to hack your account. Well, unless they have a tool called the ‘rainbow table.’

With that, they can reverse the hash so easily that your password just pops out at them.

Can these hacking attacks be prevented?

Knowing all that you now do, it is easy to conclude that there is no protection against hackers. To that, we say yes and no.

Yes, because you cannot prevent a hacker from trying to break into your account. It is the same way you cannot prevent an automatic transmission vehicle in the drive gear from trying to move. Note, though, that the keyword here is trying.

The no part is that you can make them unsuccessful at breaking into your account even though they try. Doing so is as simple as:

  • Using strong passwords – When we say strong passwords, we don’t mean that ‘8-character mix of uppercase, lowercase characters and numbers/symbols’ which many apps and websites are promoting these days. In fact, we don’t expect you to generate these strong passwords yourself. After all, there are a ton of great password-generating tools online that you can use to your advantage. The best part is, you can generate unlimited passwords with these services.
  • Using unique passwords – Never, ever, ever, ever (you get it already) use the same password for more than one account. In the rare case a hacker finds out one of your passwords, you don’t want that to be the master key into other accounts. Likewise, using unique passwords means you can contain breaches and minimize losses if there are any.
  • Using password managers – The average person has tens of accounts to their name. Wanting to remember the unique passwords for each one (we are assuming you used a password generator) is impossible. That is where password managers come in to help save all those passwords for when you need them.
  • Download an antivirus – Most phishing attacks will be caught by an antivirus scanner. Fortunately, most of these can scan attachments and links from your emails and warn you against malicious content before you open such mails at all.
  • Don’t share passwords – Even if you had the best password habits on the planet, sharing such passwords with others instantly turns all you have been trying to achieve to naught. Keep your passwords safe and secure. If you must share your passwords, change them as soon as the shared access ends.
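To make the first tip concrete, here is an added example (not from the original article) of what a password generator does, together with the size of the search a brute force attack would face for an 8-character versus a 20-character result. The 20-character default and the function names are assumptions for the example.

```python
import math
import secrets
import string

# Letters, digits and ASCII punctuation: 94 printable symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def generate_password(length=20):
    """Draw every character from the OS CSPRNG (never the `random` module)
    and retry until each character class is present."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def search_space_bits(length, alphabet_size=len(ALPHABET)):
    """log2 of the number of equally likely passwords of exactly this length."""
    return length * math.log2(alphabet_size)


def candidates_up_to(length, alphabet_size=len(ALPHABET)):
    """Strings of length 1..length: the 'varying lengths' a brute force covers."""
    return sum(alphabet_size ** k for k in range(1, length + 1))


if __name__ == "__main__":
    print("generated:", generate_password())
    for n in (8, 20):
        print(f"{n:2d} chars: {search_space_bits(n):6.1f} bits, "
              f"{candidates_up_to(n):.3e} candidates")
```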

Brad @TurnOnVPN

Brad Smith is a technology expert at TurnOnVPN, a non-profit promoting a safe, secure, and censor-free internet. He writes about his dream for a free internet and unravels the horror behind big tech.

