How do hackers intercept passwords?
In every movie with a hacker there is always that scene where the hacker has to guess the correct password. The hacker is under enormous pressure, where every second counts. They make one or two wrong attempts to guess the password before finally typing in the correct password, and that's it! They're inside. Now they can launch the missile, or prevent the missile from launching, or steal all the evidence that will incriminate the crime boss.
After what you see in movies, you would think that “hacking” is a matter of guessing a few passwords and getting instant access to something. You'd also think it's usually a solo hacker targeting a specific person for a specific reason — perhaps because their target is a millionaire or the big boss of a big company.
But what you see on the big screen is pretty far from the reality of how hackers get passwords and how they use them.
How do hackers hack passwords?
When hackers try to retrieve passwords, they don't manually try one by one in a password field. Instead, they have programs and databases full of word lists to help them figure out passwords that might work.
First, most passwords that hackers can access are stolen in major data breaches from popular online services. When popular services like LinkedIn, eBay and Adobe leak millions of records, the passwords stolen in those breaches are collected in large databases. Also, lesser-known websites are regularly hacked due to poor security protocols. So, what do hackers do? They use these "dumps" of data to run "word lists", using software (or "bots") to automatically test every username and password combination in the database to see if they have successfully logged in to another website .
If a hacker knows the email address of a user's account, they can use SQL Injections to test known passwords (such as 12345 and asdf) to see if they work with that particular email address. Again, bots run these tests and only if a match is found will a hacker use the valid credentials to take over the account.
And let's not forget phishing emails. With large databases full of email addresses, it is very easy for hackers to send millions of emails every day. Often, these emails impersonate legitimate services, such as banks, and are tricked into giving away personal information. The person in question can enter the e-mail click and be sent to a login page that looks legitimate, but actually just collects his credentials for the hacker to use.
How do hackers get into my computer?
It's much less likely (but still possible) that hackers will actually hack into your computer. It is much easier for them to use credentials, Sql Injections and phishing emails to find credentials to access your account.
But there are multiple ways hackers can try to steal your information online. Sometimes phishing emails contain malicious software or malware, malicious software in attachments or in embedded links. By downloading the malware to their computer, people increase the chances that a keylogger is installed that can then capture their passwords and send them to a hacker. Or people can ransomware download that allows hackers to extort you for money or information to buy back your data.
If someone at home or in the office has access to your physical device, it is also possible that someone can try to log in directly to your computer. If you have your passwords written down in an easily accessible place, a hacker may have no problem breaking into your computer. That said, the risk is very low, and it's more like someone you know personally than a stranger.
How can I keep hackers out?
Most of us are attractive enough to be targets of potential hacking. We probably aren't millionaires, don't hold high-profile corporate positions, or hold senior government positions. But hackers also like the “low hanging fruit.” They will often hack what can be hacked.
First, don't use the same password over and over. A password manager can help you generate unique passwords for each account (and provide you with a convenient place to store them). This way, a password stolen in a data breach for a website won't automatically give a hacker access to your other online accounts.
Second, add two-factor authentication where possible. If a hacker manages to get hold of your username and password, two-factor authentication will require additional credentials that the hacker probably doesn't have access to.
With just a few simple steps, you lower your chances of a hacker figuring out your passwords or hacking into your computer. If you are no longer an easy target, hackers are much more likely to give up.
