There are many ways that a password can be hacked. Cybercriminals have many resources and are always adapting and testing new ways to crack passwords and access your data. Here are some common password hacking tactics:
1. Dictionary Attack
This type of cyberattack technique attempts to guess passwords by using well-known words or phrases, such as words that you’d find in the dictionary. The cyber attacker keeps entering the words on this list until the password is guessed. Grouping your words together like “letmein” or “adminteamlogin” will not prevent your password from being cracked either.
2. Brute Force Attack
Similarly to the dictionary attack, brute force attacks take it one step further. Rather than just using words or combinations of words, brute force attacks work through alpha-numeric combinations and tries every combination in the book until it hits on yours. The cyber attacker uses software to try as many combos as possible. Brute force attacks are the reason why you need long passwords.
Why go through all the trouble of cracking a password when the cybercriminal can simply ask the user for their password. This is exactly how phishing attacks work. Phishing emails lead unsuspecting readers to click on a link which usually leads to a phony website where the scammers patiently wait for the user to enter their login information.
Secure Password FAQs
Here are some answers to common password related questions:
What is a strong password?
- A strong password is at least 10 characters long and contains capital letters, lowercase letters, numbers, and symbols. An example is Sv28Z93qwc76B@zs
- Stay away from the obvious.
Never use “password” or “123456” as your password and stay away from personal info such as your name or date of birth.
- Change your password every 90 days. Changing your password regularly makes it harder for hackers to crack your password. It’s not a perfect defense system, as the cyber attacker can have up to 90 days to perform their attack, but it does make things harder on them.
How do I make a strong password?
- Using a password generator is the quickest way to get a secure password.
Use a website such as PasswordGenerator.net to get a long secure password.
- Use a Phrase Method
The idea here is to think of a sentence and then transform it into a secure password. You can substitute letters for words, or just use the first few letters of each word. For example:
4B33rGo2WhBl! (For beer go to White Bluffs!)
2BorNot2B_ThatIsThe? (To be or not to be, that is the question)
John3:16=4G (Scriptural reference)
ABT2_uz_AMZ! (About to use Amazon)
Why can’t I use the same password for everything?
- Using different passwords gives you an extra layer of security.
Let’s say you use the same password for your bank account and for your Facebook account. If Facebook is hacked or if you accidentally click on a phishing link that looks like it came from Facebook, then the hacker will now have your banking password too. It’s also likely that the hacker will have your email address as well, which will make it even easier for the hacker to gain access to your financial resources.
How can I remember all of these complex passwords?
Memorizing all of your complex passwords for you various online accounts is a big challenge. We recommend using a password manager or service such as Last Pass to save all of your account passwords.
Does Two Factor Authentication (2FA) Help?
Two Factor Authentication (2FA) or Multi-factor authentication (MFA) is very useful to keep hackers out of your accounts. If your accounts offer this feature please use it! 2FA adds another layer of protection to your account logins. In addition to your password, you are required to submit a fingerprint, eye scan, token number, etc. for access to your account. Learn more about Multi-factor authentication from our MFA blog post.
What do I do if my password is breached?
If you think your password has been breached update your password right away and change any other accounts that might have the same password. Then contact our support technicians right away so we are aware of the possible breach.