How Hackers Steal Your Password


Passwords are a necessary evil. They are hard to remember unless you reuse the same one everywhere, which is never advised, and there are simply too many of them. Passwords are either being stolen in a systems breach, criticized for being too simple and too easy to crack, or too long and complicated to actually remember.

The truth is, passwords are used everywhere. They are a simple solution to data security when they are used correctly and protected with multi-factor authentication. And an easy way to keep track of all those long, complicated credentials is to use a password management system like or (and many others).

The fact is, the simplicity of password technology leaves hackers an open door to stealing our information.

How Are Hackers Stealing Your Passwords?

  1. Credential Stuffing
    Attackers take databases or lists of stolen credentials (user names and passwords from one breach) and try them against accounts on many other sites to see where they still match.
    How to avoid this? Every password for every site should be unique. (Find out how safe your password really is)

  2. Phishing
    This is a method of social engineering. Hackers contact users and convince them to enter their credentials into what they believe is a credible, legitimate website.
    How to avoid this? Use 2-factor or multi-factor authentication on your logins. (What is 2-factor or multi-factor authentication?)

  3. Password Spraying
    This technique tries a short list of commonly used passwords, such as 123456, letmein or password01 and many others, against user account names.
    How to avoid this? Avoid using simplistic, easy to remember passwords. (What’s a secure password?)

  4. Keylogging
    Keylogging is mostly used in targeted attacks, when the hacker either knows the victim or is specifically interested in them. Keyloggers record the keystrokes you type on your keyboard, which lets the attacker capture the credentials you enter into secure forms and online banking sites.
    How to avoid this? You need to be running a good security solution that can detect this type of activity. In this situation, the strength of your password is not significant. Your endpoint security against infection is most important. (How can we help with endpoint security?)

  5. Brute Force
    Brute force is a tactic in which hackers run cracking software against a stolen encrypted password, trying candidate after candidate until the algorithm recovers the original password in plain text.
    How to avoid this? Ensure your passwords are of sufficient length. Anything 16 characters or over should do the trick.

  6. Local Discovery
    This one seems obvious, but it does happen, and probably more often than you'd think. Local discovery occurs when you leave your password visible somewhere that others can see it. Writing a password down on paper, leaving it in an email, or giving it to someone who then compromises it are all examples. The attacker finds the password and uses it without your knowledge.
    How to avoid this? Don’t leave your password lying around, written down where someone could find it, or give it to someone to use on your behalf.
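Items 1, 3 and 5 above all show up in authentication logs as clusters of failed logins, but with different shapes: password spraying and credential stuffing hit many accounts with only a few attempts each, while brute force hammers one account with many attempts. The script below, added here as an illustration and not code from the original post or from any vendor, classifies a constructed sample log by those shapes. The log format ("time RESULT user source_ip"), the threshold constants and the sample IP addresses are all assumptions made for the example.

```python
"""Classify failed-login patterns as password spraying/credential stuffing
or brute force. Added example; the log format and thresholds are assumptions."""
from collections import Counter, defaultdict

# Detection thresholds (assumed values; tune to your environment).
MANY_ACCOUNTS = 5     # distinct accounts tried from one source -> looks like spraying/stuffing
FEW_PER_ACCOUNT = 3   # at most this many failures per account in a spray
BRUTE_FAILS = 10      # this many failures on a single account -> brute force

# Constructed sample log (not from a real system): "<time> <RESULT> <user> <source_ip>".
# 203.0.113.5 tries six different accounts once each, then logs in as grace.
# 198.51.100.7 fails twelve times against "admin".
# 192.0.2.44 is an ordinary user who mistypes once and then succeeds.
SAMPLE_LOG = "\n".join(
    [
        "2024-05-01T10:00:01 FAIL alice 203.0.113.5",
        "2024-05-01T10:00:02 FAIL bob 203.0.113.5",
        "2024-05-01T10:00:03 FAIL carol 203.0.113.5",
        "2024-05-01T10:00:04 FAIL dave 203.0.113.5",
        "2024-05-01T10:00:05 FAIL erin 203.0.113.5",
        "2024-05-01T10:00:06 FAIL frank 203.0.113.5",
        "2024-05-01T10:00:07 OK grace 203.0.113.5",
    ]
    + [f"2024-05-01T10:01:{i:02d} FAIL admin 198.51.100.7" for i in range(12)]
    + [
        "2024-05-01T10:02:00 FAIL heidi 192.0.2.44",
        "2024-05-01T10:02:30 OK heidi 192.0.2.44",
    ]
)


def parse_log(text):
    """Split the assumed log format into (time, result, user, ip) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, result, user, ip = line.split()
        events.append((ts, result, user, ip))
    return events


def summarize(events):
    """Per source IP: failure count per account, and accounts that later succeeded."""
    per_ip = defaultdict(lambda: {"fails": Counter(), "ok_users": set()})
    for _ts, result, user, ip in events:
        if result == "FAIL":
            per_ip[ip]["fails"][user] += 1
        elif result == "OK":
            per_ip[ip]["ok_users"].add(user)
    return per_ip


def classify(per_ip):
    """Label each source by the shape of its failures."""
    findings = {}
    for ip, stats in per_ip.items():
        fails = stats["fails"]
        total = sum(fails.values())
        distinct = len(fails)
        worst = max(fails.values(), default=0)
        if worst >= BRUTE_FAILS:
            label = "brute_force"              # one account, many guesses
        elif distinct >= MANY_ACCOUNTS and worst <= FEW_PER_ACCOUNT:
            label = "spray_or_stuffing"        # many accounts, few guesses each
        else:
            label = "benign"
        findings[ip] = {
            "label": label,
            "total_failures": total,
            "accounts_tried": distinct,
            # A success from a source already flagged is the highest-priority alert.
            "success_after_failures": label != "benign" and bool(stats["ok_users"]),
        }
    return findings


def analyze(text):
    return classify(summarize(parse_log(text)))


if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG).items():
        print(ip, finding)
```

Running it flags 203.0.113.5 as spraying or stuffing with a success on the seventh attempt, 198.51.100.7 as brute force, and leaves the single mistyped login alone. The same aggregation over real authentication logs is a cheap first detection for the first, third and fifth techniques above.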

The best solution for all of these is good password management, training on password hygiene for all of your employees, and a data security plan in place. All of these things can be maintained with our Managed Security Plans.

