In every movie with a hacker, there is always that scene where the hacker must guess the right password. A blinking cursor in the password field looms on a large computer monitor. The hacker is usually under a lot of pressure, with the seconds counting down. They make one or two wrong guesses, before finally typing the right password, and presto! They’re in. Now they can launch the missile, or stop the missile from launching, or steal all the evidence that will incriminate the
From what we see in movies and pop culture, you would think that “hacking” is a matter of guessing a few passwords and instantly gaining access to something. You would also think that it’s usually a solo hacker targeting a specific person for a specific reason – perhaps because their target is a millionaire or the CIO of a
But what you see on the big screen is pretty far from the truth about how hackers get passwords and how they
When hackers are trying to get passwords, they don’t guess them one by one in a password field. Instead, they have a toolbox of software programs and databases to help them figure out credentials that
First, most passwords that hackers have access to are stolen in large data breaches from popular online services. When popular services like LinkedIn, eBay, and Adobe have millions of records leaked, the passwords stolen in those breaches are compiled in large databases. Less
Or, if a hacker knows an email address for a user’s account, they can use “password spraying” where they test known passwords
According to Akamai, there are at least
And let’s not forget phishing. With large databases full of email addresses, it’s very easy for hackers to send millions of emails every day. Oftentimes, these emails impersonate legitimate services, like banks, and trick people into giving away personal information. The person might click a link in the email and be sent to a login page that looks legitimate, but actually just harvests their credentials for the hacker
It’s much less likely (though still possible) that hackers will actually hack into your computer. It’s much easier for them to use credential stuffing, password spraying, and phishing to try to find valid credentials to take over an
But there are other ways hackers can try to steal your information. Sometimes phishing emails contain malicious software, or malware, either in attachments or in embedded links. By downloading the malware to their computer, people increase the likelihood of having a keylogger installed that can then capture their passwords and send them to a hacker. Or, people might download ransomware that allows hackers to extort you for money or information in order to get your
If someone has access to your physical device, at home or in the office, it’s also possible someone could try logging in directly on your machine. If you have your passwords written down in an
Most of us aren’t very attractive targets for hackers – we likely aren’t millionaires, or hold
Now that we’ve demystified password hacking, you’ll see that simple actions can help significantly reduce your risk of being a
First, don’t reuse passwords. A password manager can help you generate unique passwords for every single account
Second, add multifactor authentication where you can. If a hacker manages to obtain your username and password, MFA requires additional login information that the hacker is very unlikely to have
Third, be aware. If a service you use tells you about a data breach, update your password. Enroll in dark web monitoring so you are aware of any data leaked online and can
With just a few simple steps, you’ll drastically lower your chance of having a hacker get your passwords or hack into your computer. When you’re no longer an easy target, hackers are much more likely to give up trying to hack you. You’ll better protect your sensitive information, your finances, and your identity from theft