How easy is it for a hacker to crack your password?

February 1, 2017 by Yash Tiwari

Nowadays, for most of us, it is easy to believe that we are completely safe on the Web. Modern life makes us choose one of the endless websites that we are part of. When we consider the real-life chance that an individual will be hacked in a given year, we find it impossible not to think of something we've heard so many computer users say: "It won't happen to me."

What are the chances you'll get hacked? If we look at some examples:

  • A couple of years ago the National Cyber Security Alliance estimated the chances of a small business being hacked at 20% each year
  • More figures from the UK show that there were 2.5 Million recorded cyber-crimes in Britain in 2014. Despite this accounting for ten percent of the population, KPMG commented on the release of the study that due to so many incidents being unreported, the true figure was probably far higher.

This suggests that compiling a range of studies places the annual percentage of getting hacked (in some way) at just below 31% – around a 1 in 3 chance. Yes, one could be pedantic about the sample sizes, but these studies are often rather subjective. We still arrive at around a 1 in 3 chance of being hacked, even after being cautious with the numbers.

It is hard for users to remember one specific password for each site. That makes it a lot easier for a single person with minimum knowledge to break our security and get access to our info. We are vulnerable. Just this year, passwords like "123456" are still very popular among people.

We are living in a digital world, where we make almost any kind of transaction using the Internet. We use passwords every day for email and other accounts.

The security policies of many websites leave information completely exposed. Every day, people develop a new program or new technique to crack our security. There are articles that explain how a hacker can crack your account password very easily, just using a variety of programs like a simple password-guessing program. This program makes multiple guesses until the password is fully cracked. The program may take a few minutes or a century; it depends on the complexity of the password. Other methods like key loggers consist of hardware devices attached to your computer that can copy your information through the keystrokes that you use to access the accounts. Hacking through phones is another way for these people to steal your data. Using programs that can duplicate what you see on your phone, it is relatively easy for them to get your password from your phone.

These hackers can scam every person who has a personal account. They can spy on what you search; by knowing what you have been looking for, they have an easy way to get you to give them all they need.

You may be wondering how exactly you could get hacked? The first thing to know is that the days where all you had to worry about were pesky Windows viruses are long gone. Much hacking nowadays starts with a little social engineering and trickery before the actual techie stuff starts.

So, with that in mind, I'll begin my round-up of some of the key flavors of hacking with the activity I almost fell victim to recently: Phishing.

Phishing is maybe the most used technique for hackers to get your password because it is cheap and excessively easy to create. It consists of creating a false application or false message to get the user to supply all of their information to a site that can copy it immediately. Your bank account and your email account are easy targets for these kinds of programs.

Stealers are another kind of hacker. Many people using the browser leave their information floating there. It takes nothing for a person with knowledge to get those numbers or letters that keep him away from all your data.

Viruses and trojans

Although a traditional antivirus product is still commonly seen as the first line of defense in computer security, "old school" viruses and Trojans seem (subjectively) to be falling out of favor somewhat with cyber-criminals. Antivirus software, email software, and even operating systems themselves have toughened up against these "traditional" threats in recent years, leading many criminals to move into the more lucrative phishing and other activities described above.

On the other hand, websites lock your account automatically after 2 or 3 attempts. If you use a simple password, it is not so hard to break.

This type of cracking is when the hacker is pretending to be you. If you consider a password composed of letters, numbers, and symbols, there are roughly 100 possibilities per character, so a five-character password has 10 billion combinations. That seems like a lot, but a hacker can break a password like this in 10 seconds.

For example, you can put more characters in your password to be more protected:

  • 5 characters = 10 seconds
  • 6 characters = 1,000 seconds
  • 7 characters = 1 day
  • 8 characters = 115 days
  • 9 characters = 31 years
  • 10 characters = 3,000 years

Here's a list of common ways password-guessing programs make their guesses more efficient:

  • Capitalizing the first letter of a word.
  • Checking all combinations of upper/lower case for words.
  • Inserting a number randomly in the word.
  • Putting numbers on the ends of words.
  • Putting numbers on the beginning of words.
  • Putting the same pattern at both ends, like *foobar*.

This is why you need long passwords. Hackers can usually break anything with seven characters or fewer. They would be unlikely to guess a password that is composed of nine characters or more, combined with symbols. It would take almost a century to break such a password. People need to be more aware of this if we expect to be secure on the web. We can use multiple techniques to make our passwords safer. Hackers can use many tricks, such as dictionary attacks, but if you use lower and upper case and combinations of letters and symbols with international characters, like a vowel with an umlaut, that will take any password hacker out. You should remember this advice any time you get into new websites that require a secure password.
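The table and the word patterns listed above can be combined into a rough estimator, added here as an illustration and not code from the original article. It reproduces the table at the 1 billion guesses per second those figures imply, then shows how far the estimate drops when a password is a dictionary word plus one of the listed patterns; the word list, the dictionary size and the variant-counting model are assumptions.

```python
import re
import string

GUESSES_PER_SECOND = 1e9  # assumption: rate implied by the table (100**5 guesses in 10 s)
ALPHABET = 100            # the article's figure: ~100 possible values per character
WORDLIST = {"password", "dragon", "monkey", "foobar", "summer"}  # constructed sample

def brute_force_seconds(length):
    """Time to try every string of `length` characters (the article's table)."""
    return ALPHABET ** length / GUESSES_PER_SECOND

def reduce_to_word(password):
    """Undo the listed patterns; return (word, digit_count, wrap_len) or (None, 0, 0)."""
    p = password.lower()                        # any upper/lower-case combination
    wrap = re.fullmatch(r"(\W+)(.+)\1", p)      # same symbols at both ends: *foobar*
    if wrap:
        p = wrap.group(2)
    num = re.search(r"\d+", p)                  # one number at the start, end or inside
    core = p[:num.start()] + p[num.end():] if num else p
    if core not in WORDLIST:
        return None, 0, 0
    return core, len(num.group()) if num else 0, len(wrap.group(1)) if wrap else 0

def estimate_seconds(password, dict_size=1_000_000):
    """Return (base_word, seconds); dict_size is an assumed dictionary size."""
    brute = brute_force_seconds(len(password))
    word, digits, wrap_len = reduce_to_word(password)
    if word is None:
        return None, brute
    variants = 2 ** len(word)                   # every case combination of the word
    if digits:
        variants *= 10 ** digits * (len(word) + 1)   # that number at any position
    variants *= len(string.punctuation) ** wrap_len  # symbol choices for the wrapper
    return word, min(brute, dict_size * variants / GUESSES_PER_SECOND)

if __name__ == "__main__":
    for pw in ["Dragon2017", "*foobar*", "q7#Lz!9vT@"]:   # constructed samples
        word, secs = estimate_seconds(pw)
        print(f"{pw!r:14} base={word!s:8} ~{secs:,.0f} s to guess")
```

Under these assumptions a ten-character password built from a word and a four-digit number falls from the table's 3,000 years to a little over an hour, while a random ten-character string keeps the full figure.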

The protection that you get depends on how creative you can be. Remember the common phrase "If you can remember it, someone else can figure it out." The safest passwords that you can put on your accounts are random passwords that are very hard to remember, but that is very difficult to do. Research also indicates that people only have the ability to remember about 10 passwords.

The odd solution is to forget about your password. While it may seem less productive, the best way to remember your password is to create one that you are going to forget; random strings give hackers a hard time.

Also, there are companies that provide that kind of service for you. They protect your accounts from these problems, and they have programs that can generate multiple passwords in seconds that make your accounts almost unbreakable.

If we keep any important information on the web, we must expect that someone, somewhere around the world is waiting to steal that from us. In an era where everything is connected, it is exhausting to hide our information, such as with social media sites.

People are more vulnerable to hackers or scams of any kind. The freedom that social media provides for people to see everything in our profiles puts us in a very dangerous place if we don't consider learning about tricks or advice that protect us from those people.

There are going to be times when you can lose your bank account, your credit card code, or email without even noticing it. That kind of knowledge is something that we must acquire. The Internet has a lot of advantages but also has disadvantages. It has a dark part which can be reduced if we follow the recommendations, and not only with programs that can generate passwords in a few seconds.

Hackers can redirect our information to themselves. One of the most used ways for these people to get your information is malicious websites, where if we click on one of the many links that they have, they send some virus to your computer that can crash it or can copy all your files immediately. They can lure you with the promise of winning something, some chat, or an invitation from a social media site; there are many ways that you can get into one of these. You can avoid them if you don't go to sites that have a bad reputation. You can update your computer and antivirus software to avoid any propagation of threats.

Through black hat techniques or SEO (Search Engine Optimization), hackers can place their websites at the top of search engine results. You must avoid any type of poll on the web; giving personal information online can give hackers free access to your personal accounts. Download applications only from certified websites and don't get into risky ones, or ones that have bad reviews, despite everything we mention in this report.

The most important thing you can do is to be complex with your passwords; that is the main point of this article. It is very easy for a hacker to crack your password if you don't follow any of this advice.

Here's a short list of all we've been talking about to keep you safe:

  1. Be deeply suspicious while you're online! If you get an email from a company telling you to change your password, don't click the link. Go directly to what you know is their legitimate website.
  2. Never download attachments from sources you're unfamiliar with, even if you've been convinced you've won $1000!
  3. Use a VPN solution like Express VPN for all your online activity to increase your security and privacy, and make it harder for people to learn about you and what you do online – it could be used against you by a criminal or provide some extra clues for a phishing attack. You'll find a list of recommended VPNs for Windows here and for Mac here.
  4. Use antivirus software and keep it up to date – and yes that does apply to Mac users!
  5. Never reveal anything to do with your online life to anyone who calls you on the phone. Microsoft will never phone you because they've discovered a problem on your computer.

If you are predictable or apply the simple and shortest password for all your accounts, you are going to get hacked. If you get into some sites that you know are risky, and you don't put any effort to protect your information, you are going to get hacked. It is so easy for a skillful hacker to leave you without a thing. The cost of being lazy with your protection on the web can be really high.

Yash Tiwari is an EC-Council Certified Instructor, EC-Council Certified Ethical Hacker and a Cisco Certified Network Associate having about 6+ years of experience in the field of Ethical Hacking and Cyber Security. Possesses the most up to date skills and professional qualifications in the field of Cyber Security, good understanding of hacking methodologies and cyber attacks. Open for an opportunity with national or multinational firms specializing in Cyber Security / Ethical hacking.