3 Methods Cyber Criminal Uses To Hack Your Password

Praise Maukazuva, 7 Feb 2017

Most people use a convenient password that they can recall in the future.

According to the Cyber Streetwise campaign that was carried out by the U.K Government in 2016, it is said that 35% of the people struggle to remember their passwords.

Unauthorized access is a major problem for people who use computers, tablets, mobile phones and other computer devices, and passwords act as the main defense in protecting your data. Here are some of the methods used by cyber criminals to acquire your passwords, for fraudulent reasons.

1. Password cracking

This includes guessing the most common passwords used by people.

The “Most Common Passwords of 2016 List” researched by Keeper Security revealed that 17% of the people used “12345” as their password to secure their accounts. More weak passwords include “Password” which comes as the second worst password. “QWERTY,” on the other hand is also widely used. Besides it being rather short and letters only, which makes it easy to break down. However, the movie “StarWars” based passwords have been widely used lately.

An example of a strong password that can be difficult to crack is “My$3cur1ty#” for “My security number.” as it includes all the required characters.

So how do these cyber criminals crack passwords? Two most common ways are “Brute Force Attack” and “Dictionary Attacks”.

In Brute Force attack, every possible password is tried and tested until it finds the right password. This method is only suitable for short words, because the longer the word the more time it takes to test the password. Brute force attack uses a lot of software tools, such as Cain and Abel, John the Ripper and Air cracking depending on the operating system.

Dictionary attack uses a list of common single words from the dictionary. This method is suitable for long words, and it is more advanced as you can add symbols and numbers in front or at the end of the word. But the words have to be real dictionary words that are spelt properly which can be a limiting factor. Software tools such as brutus and crowbar are used.

Image: Dribbble, Kristin Fall Bonett

2. Malware

Spyware is an example of malware, a malicious code that can access your computer through downloading pirated files or simply clicking pop up ads that are infected. This malware monitors a user’s activities such as sites visited and programs that were run thereby tracking log in passwords and usernames.

Shockingly 80% of personal computers is infected with some kind of spyware, without their knowledge, as it works in the background silently making changes and recording activities.

Image: www.taringa.net

3. social engineering

This is a manipulative way of getting personal information from individuals, this information is then used for fraudulent ways. Types of social engineering include, phishing and scareware.

  • In phishing, you receive an email that will enable you to click a link that redirects you to a fake website asking your for your passwords and credit card details. An email may come as :

“You won $1 million! Click here for your reward!”

With all the excitement you are quick to click on the link that will require you to enter your password.

  • Scareware on the other hand, involves the attacker tricking you into believing that you have malware in your computer. They will act as if they are helping you get rid of it but in turn, they are making you download the actual malware.

The more developed we are in terms of technology, the more methods of acquiring passwords maliciously there are, advancing with time also.

However, There are many ways of keeping your data safe with a password that is difficult or impossible to acquire.

Tips on choosing a good password

People struggles to create a good password because they think that the strongest passwords are not easy to remember. This is not true. Below are some of the ways of creating a strong password.


Use of Long phrases with numbers, symbols, letters, lower cases and upper cases. The longer it is, the harder it is to break down.


You need to have a different and unique password for every service. Avoid using the same password for your E-mail services and also banking services.


Use of Biometrics. Nowadays mobile smart phones, tablets or laptops allow you to gain access to them using your fingerprints or through voice recognition. You don’t need to remember your password.


Use of Password Managers. Examples of these include LastPass, DashLane, 1Password and Norton. It can be in the form of a mobile application, that stores all your passwords, for every service. You just need to remember your master password that will unlock your other passwords. They usually come with a browser extension where you can log in to your accounts automatically.


The two-step Verification. During the signing in process, a code is sent to your mobile phone, and you are supposed to enter that code in order to gain access for example to your e-mails. However without the code, there is no access.


This consists of simple steps, that are easily ignored such as, not sharing the password, not to write it down, and also to change it regularly.

Implementing a few of these facts is better than not implementing any of them. However the goal here is to make sure that our Personal files and data are kept safe by a very strong password.