Skip to content Skip to sidebar Skip to footer

How Can Hackers Get My Password?

How Can a Hacker Get My Password

With the digitalized era and Internet at its core, almost nobody can hide from the world: our face is tagged on security cameras, social media feed, the school’s official yearbook website, and many more. Those, however, aren’t even the gist of it, not when our digital credentials and secrets are at play.

Behind every minor and major cybercrime and Internet attack commonly encountered today, there'll be one or two (or more) hackers working the magic on their laptops or computers. Hackers aren’t all criminals, however, but that’s another story for another time.

We’re going to discuss something else instead: have you ever wondered how hackers get password and other sensitive information from people—all just by sitting in front of their devices?

By understanding several known methods used by hackers, you can at least be aware when faced with similar situations. You can also know how to avoid the potential of getting your every personal online account blown wide open.

1. Brute Force Attack

Intending to crack passwords, a brute force attack is where hackers form every possible combination, particularly an 8-character alphanumeric password until they discover yours.

As an upgrade from a dictionary attack (another outdated type of brute force attack that utilizes assumption about standard passwords), brute force attack appears exhaustive but actually pretty useful and fast, considering how advanced most computers are today. 

After all, brute force attacks still require time to run (around weeks and even months), but don’t let your guards down: better increase the difficulty and length of your passwords now than never.

2. Spidering

Spidering is pretty similar to brute force attacks, but they’re more targeted to people in business or corporations. Every word or phrase associated with a particular industry (the website names, taglines, flagship products, sales material, and many more) can be circulated to form passwords.

If you’re an office worker, you must be able to relate to every internal account and credential integration. From the fingerprinting device, email account, to an internal management system, some passwords are bound to be connected to the business itself.

Moreover, considering that every business works to increase their online presence, hackers have no problem in acquiring all relevant information. Given more efforts, they can prepare to execute a brute force attack soon.

3. Phishing

Ever since the email was around, phishing has been the most used technique to steal users’ information until now. Phishing somehow is like leading you to indirectly reveal everything, just from one click you get from your email.

Due to the highly detailed and accurate email craft from the sender, perhaps you lower your guard down and end up not suspecting anything. Usually, they claim to be from someone or someplace you’re familiar with: a colleague from work, a bank notice, a request to update personal information on your device, and many more.

Those emails are their weapons to deceive you for believing that they’re real or essential, which is when you’ll click on the link or attachment on the email.

You’ll then get directed to a specific webpage that looks legitimate but actually has been fabricated just like the original one. Once you’re logging in, it’s practically over: the site will then skim the entered password and other information.

4. Keyloggers

Keyloggers are a type of attack that works behind the screen: they’re hardly undetected but highly effective to track everything you type on the keyboard—hence, the name.

Phishing emails and malicious websites are the most common source for keyloggers, besides planting a wiring bug in the keyboard. Once they’re planted on your computer system, they’ll run at every startup and watch your every finger movement.

Your activity will come out as a log for the hackers’ information, and the next thing you know is that every password of important accounts, access to PIN codes, email logins, and other sensitive information is jeopardized.

On a larger scale, hackers can plant keyloggers in companies to spy and obtain their data in order to compromise and interfere with every business conduct.

5. Trojan Horses

Behind the sophisticated name lie splitting headache problem source for you and your devices.

As the most common kind of malware, Trojan horse disguises its attack behind a seemingly-legitimate software or app that is free for download. Nobody resists free installation, right?

Once you download and install the software into your device, the virus will work by infecting every patch and keygen, even the default trial programs. You’ll encounter no problem when running the app or device system in general, but the Trojan keeps working behind the screen.

There are so many types of Trojan horses, and in a way, they’re much more advanced than keyloggers. Hackers need to build the app and construct the virus—not to mention crafting it carefully, so the app at least looks okay and legitimate—all so that they can get you to download and use it.

6. Social Engineering

Forget about finding out what your passwords are. Why not just meet and ask you directly?

Some criminal hackers want to go at any length to obtain your information, one of which is by posing as an IT security tech or engineer. You can even read more about this particular hacking method from the book Social Engineering: The Art of Human Hacking by Christopher Hadnagy. The point is, though, this method is considered pretty fancy and well-prepared to the extent someone wrote a book about it!

You won’t even bother to suspect anything after seeing their perfect disguise in uniform, badge, work permit, and all that. Thus, you’ll end up giving the house or company’s network access, not realizing the danger that lies ahead.

We hope that you can keep your online information safe after knowing how hackers get password in general! One tip from us to conclude this reading: always be extra careful when receiving emails, link broadcast, or software download invitations that you never know before. You can never go back once hacked, and there’ll be no use of crying over spilled milk.