How Do People Hack Your Password?by G.S. Jackson
A common form of account security is password protection. Users employ passwords to protect personal data as well as online account information. Accordingly, hackers spend much time and effort designing tools and methods to discover user passwords. These methods can range from sophisticated software and Internet monitoring tools, to psychological tricks intended to extract information from the user.
A hacker can gain access to passwords (as well as other confidential information) without even using a computer. "Social engineering" is a term used to describe when a hacker uses physical or psychological tactics to gain a user's password from the user. Something as simple as stealing a password written on a piece of paper can give a hacker access to a user's personal information. More elaborate examples of social engineering involve digging through dumpsters full of discarded paperwork, or inconspicuously interviewing a user (or users) for personal information that may give insight into passwords and security methods.
Another method of password hacking involves the theft of data travelling through network connections. A hacker using particular software (a "network sniffer") can examine each piece of data that travels over the monitored network. This allows the hacker to steal transmitted passwords that users enter while accessing network resources. Also, malware or adware that a user may unknowingly install along with other software may log user passwords and other information and send them to hackers.
Certain software exists that will attempt to "crack" a password by trying different possible variations until the correct password is found. A program used by a hacker may simply try words from a dictionary until it stumbles across the correct password. Another cracking method, called the "brute force" method, involves trying every possible combination of characters until the password is discovered. A hacker can crack even complicated passwords given the time and resources.
Websites that contain large user bases, such as Internet forums or online shopping sites, store passwords in their personal databases. A hacker can steal files from these databases, giving them access to the passwords of thousands of users. A user has no control over this theft: the security of a password rests in the hands of the company the user does business with.
Many sites that use password protection also offer services to recover forgotten passwords, often by requiring the user to answer several personal questions. If a hacker gains access to personal information, he can answer these questions and gain access to an account. Often, these services will offer to send the forgotten password to the user's email. If the hacker gains access to an email account, however, then other passwords for other services can be obtained or reset through use of the email.
- photo_camera login image by Edvin selimovic from Fotolia.com