According to SplashData’s annual list of the top 25 common passwords, “123456” has been ranked first for six years, and “password” is the second. You are undoubtedly vulnerable to hackers if you use these common passwords.
Passwords are the gateway to user data and assets. Hackers can crack users’ passwords with a variety of techniques. Once a user password is compromised, the user will suffer big losses. So, it is helpful to have a good command of common types of passwords-hacking and take action to prevent passwords from being cracked.
Let’s take a look at how to avoid the common types of passwords-hacking:
Brute force attack
It is the simplest and oldest way to crack passwords. You need to try the possible passwords one by one. This method works very well with common passwords or short passwords that are made up of a few characters.
Almost all brute force password cracking software attempts to log in by using one by one the passwords in the common password dictionary. If none of them make the login successful, the software will then adjust the password combination to sign in. Use a brute force password cracking tool on a computer with high configuration and the hacker will be able to crack passwords in a short time.
Security tip 1:
To prevent brute force password cracking, many websites adopt some techniques on their authentication servers to block brute force attacks. For example, if a user entered the password incorrectly for a number of times that exceeds the limit, the user will be locked out of the account for a preset period of time or make the account frozen. Besides, some websites also require users to enter a randomly generated verification code while they try to log in. In this way, they can block login attempts from many password cracking tools.
Security tip 2:
However, those techniques cannot prevent all brute force attacks. Hackers can still perform brute force attacks on websites without high-level protections by exploiting their vulnerabilities. Thankfully, many social media websites require users to set more complex passwords for their accounts, which makes the time cost of brute force far more than the benefits. So, you should also create strong passwords for other accounts. Generally, it is recommended to use more than eight characters for your passwords and the types of characters should be over three. For instance, nine characters that contain uppercase letters, lowercase letters and numbers.
Remote access Trojan
If the user’s password is very strong, it is difficult to crack it by brute force attacks. Therefore, hackers will use remote access Trojans to monitor all operations of the user’s local computer. For example, a “keystroke recorder” can record the user’s keystrokes, and then pass the recorded keystrokes to the hacker in various ways. Then, the hacker can crack the user’s password by analyzing the user’s keystroke records.
In addition to keystroke logging, hackers can also use the mouse and screenshot to enter a password. The user’s screen is screened down by the Trojan program and the location of the mouse click is recorded. The user’s password is cracked by recording the mouse position and comparing the screenshots.
Security tip 1:
Don’t click on malicious links and download files from unknown sources. Chances are good that your device will be infected by viruses.
Security tip 2:
Install reliable antivirus software on your local devices so that you will be protected from malware infection. In addition, you should keep the antivirus software up-to-date. Check the antivirus software for updates regularly!
Phishing websites
Cybercriminals often set up a fake website to spoof users. The phishing website usually displays the same content and images of the official website. Besides, the domain name of the fake website will be very similar to that of the official website. Then, they will fool Internet users into visiting the fake website by promotion, ads or else. If you are not familiar with the official website or pay no attention to the differences, you won’t find out that you are visiting a malicious website. Once you try to log in to the website, the username and password that you entered will be obtained by the phishing site.
Security tip 1:
Don’t log in to your account on a web page from unknown sources. You should always check if the website is the right one that you want to visit and whether the website you are going to visit is safe.
Security tip 2:
Add the URLs of your favorite websites to your bookmark. Whenever you want to browse one of them, you can go to the page via the URL in your bookmark. In this way, you don’t have to be afraid of being tricked into visiting the phishing website.
Social engineering attack
Nowadays, in most cases, password cracking doesn’t target one user but a large number of users. As people register more and more accounts on the Internet, many of them have trouble in remembering so many passwords. Thus, they often use the same username and password for multiple accounts, which makes social engineering attacks the top concern for Internet users.
When the passwords database of a website is cracked, the hacker will try to log in to another website with the username and password from the cracked password database. Usually, hackers design a script to make login attempts. Finally, they will get the list of username and password that makes the login attempt successful on the other website.
Security tip 1:
Do not use the same password for different websites, especially those websites that provide similar services. For example, you shouldn’t use one password for all social media accounts. It is often the case that hackers perform social engineering attacks to websites the offer similar services.
Security tip 2:
Enable multi-factor authentication for your accounts if it is available, such as two-factor authentication. Two-factor authentication, as the name implies, verifies your identity by the password and another authentication factor when you try to log into your account. For example, in addition to entering the username and password when logging in, you need to enter the verification code you receive either via text messages or emails.
You may also like:
Are There Any Good Free VPN Services?
Are Your Passwords Easy to Hack?
WiFi Password Hacker Cause Data Leakage
How Do Hackers Crack Your Password?
How to Hack WiFi Password on Android Phone?
Is It Safe to Allow a Browser to Save Your Passwords?
How to Protect Yourself against Social Engineering?
How to protect yourself from phishing attacks
The above is the common password cracking method and how to protect yourself from them. If your passwords are still easy to crack, you’d better change them right now! It is also important to protect your devices with a trustworthy VPN, such as RitaVPN. It can not only ensure your data security but also unblock websites for you.
