No two internet hacks are born the same.
The way hackers approach one account is not usually the same way they will attack another. Whatever kind of password you use, there is one preferred hacking technique that works best against it.
We have collected common password creation habits and how each one is exposed to hackers.
1 Passphrases – Dictionary Attacks
In a dictionary attack, not only can hackers test every word in the dictionary, but they can also run combinations of the most commonly used phrases. Even if you used a passphrase that isn’t constructed as a sentence, this approach will find it.
Examples: iloveyou, rockyou, abc123, etc.
Passphrases are believed to be unique since there are a lot of possible sentences in the world, and anyone would have to beat a lot of odds to find it out, especially if they don’t even know you at all. Quite frankly, that is true – but hackers don’t need to know you before they get things done.
2 Modified Passphrases – Hybrid Attacks
Examples: IMustBe0ff88, ILove12Kale79, MyMotherIs@Queen62, etc.
Other users will throw in some numbers and special characters for effect in their passwords. These special characters are supposed to make the password harder to crack, but they might not do much at the end of the day.
For these kinds of passwords, the dictionary attack will fail because such special characters might not be in the catalogue of words. However, a hybrid attack will take care of that.
The algorithm, in this case, just needs to be trained to recognize special characters and use them in possible combinations.
The computer will, again, run its course and find out what password is being used.
3 Hashed Passwords – Rainbow Table
There are no examples to show for this since hashes are computer-generated.
When you create an account on most services today, they don’t store your password in plain text, since that would make account breaches easier if the database were compromised. Instead, they store the password as a hash – a computer-generated string that is designed to make it impossible to decipher the password.
The good news about hashes is that they are not the same length as your real password, nor do they bear any resemblance to the characters you used in the password.
If a hacker were to get a hold of your hash, they wouldn’t be able to hack into your account anyway – unless they had a rainbow table.
With a rainbow table, a precomputed table of hashes and the passwords that produce them, hackers can look the hash up and the real password behind it pops out at them. Even the big corporations are not safe against this kind of attack.
4 Advanced Passwords – Brute Force Attacks
If the name suggests to you that this is a serious form of attack, you are right.
Brute force attacks are usually tools of professionals. They are the ones who have the kind of time and resources that this attack takes to set up.
They can be seen as an extension of the hybrid attack on a bigger scale. Here, the software runs through any and all characters – numbers, letters, symbols, phrases, etc. – which the password could ever be based upon.
It can be likened to taking a battering ram to a door – it might take a while, but the door would most likely give way at the end of the day.
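An added example, not from the original article: a small defensive password audit that labels a password by the cheapest of the guessing attacks from sections 1, 2 and 4 that would cover it, and reports the brute-force search space. The wordlist, the substitution map and the function names are assumptions made for the illustration, and the last sample password is constructed.

```python
import math
import re
import string

# Constructed sample wordlist (assumption); a real audit would load a large
# list of common words and previously leaked passwords.
WORDS = {"iloveyou", "rockyou", "abc123", "i", "a", "my", "is", "be",
         "must", "off", "love", "kale", "mother", "queen"}

# Common look-alike substitutions, undone before the word check.
LEET = str.maketrans("013457@$", "oleastas")

def segmentable(text, words=WORDS):
    """True if text is a concatenation of known words (dynamic programming)."""
    ok = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        ok[end] = any(ok[s] and text[s:end] in words for s in range(end))
    return bool(text) and ok[-1]

def classify(password):
    """Name the cheapest attack class from the article that covers the password."""
    low = password.lower()
    if segmentable(low):
        return "dictionary"
    # Hybrid candidates: drop digits/symbols entirely, or strip them from the
    # ends and undo look-alike substitutions in the middle.
    letters_only = re.sub(r"[^a-z]", "", low)
    unleeted = re.sub(r"^[^a-z]+|[^a-z]+$", "", low).translate(LEET)
    if segmentable(letters_only) or segmentable(unleeted):
        return "hybrid"
    return "brute force"

def keyspace_bits(password):
    """Search space in bits if every character were random within the
    character classes used; only meaningful for the "brute force" class."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(c) for c in classes if any(ch in c for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0

if __name__ == "__main__":
    # Examples from the article plus one constructed random password.
    for pw in ["iloveyou", "IMustBe0ff88", "ILove12Kale79",
               "MyMotherIs@Queen62", "q7#Vz!p2Lk9&xT"]:
        print(f"{pw:20} {classify(pw):12} {keyspace_bits(pw):5.1f} bits")
```

MyMotherIs@Queen62 scores about 118 bits on character count alone yet is labelled hybrid, which is why the added numbers and symbols in section 2 buy so little.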
5 General Passwords – Phishing Attacks
If you don’t know what phishing attacks are, you probably also don’t know that they are the king of all social password hacks out there. In fact, they have been around for as long as can be remembered, and they are being modified for use year after year.
Phishing attacks take the form of emails or texts from a hacker impersonating a legitimate establishment. The body of the message will lead the user to take action, and a link is provided to allow them to access the action page easily.
Such links will usually lead to a fake login page resembling that of the impersonated organization. Once the user enters their login details, the hackers get this information on the back end in real time.
This means they can now log in as if they were the real user on the actual account, not the fake one.
All these increasingly powerful methods might make it seem like there is nowhere else to run, but that is not the case. All you have to do is:
- Ensure you set strong passwords. We recommend employing online password generators for this. These software solutions are available on the internet for free.
- Download a password manager to store your passwords.
- Never share your passwords with anyone.
Doing all of the above will not stop hackers from taking the hypothetical battering ram to your door. However, it will make sure they have to wait several years for that single door to yield. Trust us: we don’t think a hacker will wish to stay working on a single account for that long.