Password: Easy to Remember, Easy to Hack

  • By Bryan Lee
  • Published: Sep 09, 2022
  • Last Updated: Sep 15, 2022


Most people don’t worry about password safety until it becomes a problem. They find an email or notification from a website asking, “Is this you?” Or they notice unverified purchases from a credit card linked to one of their accounts. Only then do they take a moment and ask themselves: how secure are my passwords?

Despite what movies would have us believe, it doesn't take a reclusive genius to break most passwords. How vulnerable a password is to hackers depends largely on how a site stores it. In general, there are four ways to do this.

Plain Text

The most basic method to store information is in plain text. It’s also the most unreliable and quickly leads to account takeovers. If a hacker gains access to a server, they can read each password without additional steps.

For example, if your password is “Elephant,” it would be stored on that site’s server as “Elephant.”

Encryption

Using encryption is a better but still unsafe method for password storage. Encryption is a secret code used to hide information. You may have used it in school when passing around secret messages. A hacker can only read the information they dig up if they also have access to the code (the key).

The problem with encryption is that many small sites store their information on a single server. This means that hackers skilled enough to access the account credentials will usually get the encryption key at the same time.

Hashing

Hashing a password is very similar to encryption, except for one huge difference. There isn’t a key.

Websites generally use encryption because they want an easy way to reverse the process and recover a password in plain text. However, if a company doesn’t need to know its users’ passwords, then there’s no need for a key.

Hashing removes a critical weak point of encryptions and forces hackers to “guess” passwords if they want to compromise your information. While this might sound safe, advanced computing power allows hackers to guess anywhere from ten thousand to a billion passwords per second.

Salting

Unfortunately, not everyone creates long passwords for themselves. This means that even hashing by itself is unreliable. That’s why safety-minded sites will “salt” their stored passwords.

Salting a password means tacking random characters onto the beginning or end of it before it is hashed. The extra characters make each stored password more complex and a less desirable target for hackers, because two users who chose the same password no longer end up with the same stored value. Sites typically salt in addition to hashing for maximum protection.
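The following Python example (added here; not code from the original article or from IDStrong) shows the difference between the three hashed-and-salted storage methods above using two constructed users who picked the same password, “Elephant”. It uses the standard library only; PBKDF2 is one common salted, iterated hash, and the iteration count is an assumption kept low for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample: two users who happen to choose the same password.
USERS = {"alice": "Elephant", "bob": "Elephant"}


def store_plaintext(password: str) -> str:
    # Plain text: the server keeps exactly what the user typed.
    return password


def store_hashed(password: str) -> str:
    # Unsalted hash: there is no key to steal, but identical passwords produce
    # identical hashes, so one cracked hash (or a precomputed table) exposes
    # every user who chose that password.
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password: str, salt: bytes = b"", iterations: int = 200_000) -> str:
    # Salted, iterated hash (PBKDF2-HMAC-SHA256). A fresh random salt per user
    # makes equal passwords hash differently; the iteration count (assumed value,
    # production systems use more or a memory-hard hash) slows every guess.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_salted(password: str, stored: str) -> bool:
    # Re-derive the hash with the stored salt and compare in constant time.
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def demo() -> dict:
    # Store the constructed users three ways and report what an attacker with
    # a copy of the database would see.
    plain = {u: store_plaintext(p) for u, p in USERS.items()}
    hashed = {u: store_hashed(p) for u, p in USERS.items()}
    salted = {u: store_salted(p) for u, p in USERS.items()}
    return {
        "plaintext_readable": plain["alice"] == "Elephant",
        "unsalted_collide": hashed["alice"] == hashed["bob"],
        "salted_collide": salted["alice"] == salted["bob"],
        "login_ok": verify_salted("Elephant", salted["alice"]),
        "login_wrong": verify_salted("elephant", salted["alice"]),
    }
```

Running `demo()` shows the unsalted hashes of the two users colliding while the salted ones differ, even though both still verify the correct password.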

Common Methods for Hacking a Password

Hackers use various options to break a password without much effort. Eighty percent of hacking incidents occur due to stolen passwords. So, if you’re not careful with managing your passwords, you may have fallen victim to one of the methods below.

Brute Force Attacks

Brute force attacks are exactly what they sound like. A hacker uses raw computing power to check every possible combination of numbers, symbols, and letters (uppercase and lowercase) until they land on your password.

For reference, it only takes a hacker 31 seconds to break a 7-character password, even one that mixes symbols, numbers, and letters.

The easiest way to get around this weakness is to raise the number of passwords a hacker needs to check to guess the correct one. The longer a password is, the more combinations are possible. Even a computer checking billions of combinations every second will need a few trillion years if a password is long enough.

Dictionary Attacks

Dictionary attacks are much more focused than brute-force ones. They prey on people who use a password instead of a passphrase. The attacker checks every word in the dictionary, so if a user’s password is a single word, it’ll be broken instantly.

Phishing Attacks

Cybercriminals use phishing attacks to deceive people into revealing personal information and stealing their identities. There are limitless ways to do this, but most involve impersonating an authority figure to pressure the target.

Most phishing scams will use a malicious link or download rather than ask for login credentials outright. A supposed message from a boss, bank, or hospital will discreetly download malware programs onto your device.

These programs will relay information to the cybercriminal without the user knowing. In extreme cases, one infected device could spread to others and create an entire network of compromised accounts.

How to Secure Your Passwords

Now that we’ve gone over the possible dangers, you’ll need to know how to defend yourself. The following rules should be your top priority when creating new passwords.

  • Keep it impersonal: NEVER use personal information like birthdays, address numbers, or phone numbers in your passwords. Extra caution is advised now that hackers and scammers can find most personal data through social media profiles and professional pages.
  • Convenience isn’t the goal: It’s tempting to make all your passwords easy to remember by using a single word or string of numbers. Doing this makes you stand out to hackers as an easy mark and further endangers your data. The longer and more complex your passwords, the better.
  • Make unique passwords: Avoid repeating the same password for multiple accounts. If one account is hacked into, then everything else is in danger. You’ll have to go through the insanely tedious process of changing all your passwords. Using a random password generator is an easy way to keep every password unique.
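As an added example (not code from the original article), the Python below turns the three rules above into a check and pairs it with a random password generator built on the `secrets` module; the personal-data list and the set of passwords already in use are constructed sample values.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]

# Constructed sample data: fragments of personal information an attacker could
# harvest from a profile, and a password this person already uses elsewhere.
PERSONAL = ["1987", "Main St", "555-0199"]
EXISTING = {"Elephant"}


def generate_password(length: int = 20) -> str:
    # secrets (a CSPRNG), not random: unpredictability is the whole point.
    if length < 12:
        raise ValueError("use at least 12 characters")
    # One character from each class first, so the result always passes the
    # complexity check, then fill the rest from the full alphabet and shuffle.
    chars = [secrets.choice(cls) for cls in CLASSES]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(CLASSES))]
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def password_problems(password: str, personal: list, existing: set) -> list:
    # Rule 1: keep it impersonal. Rule 2: length and mixed character classes
    # instead of a single word or number string. Rule 3: never reuse.
    problems = []
    lowered = password.lower()
    for item in personal:
        if len(item) >= 4 and item.lower() in lowered:
            problems.append(f"contains personal data: {item}")
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if sum(any(c in cls for c in password) for cls in CLASSES) < 3:
        problems.append("uses fewer than three character classes")
    if password.isalpha() or password.isdigit():
        problems.append("single word or number string")
    if password in existing:
        problems.append("reused on another account")
    return problems


if __name__ == "__main__":
    for candidate in ("Elephant", "Elephant1987!", generate_password()):
        print(candidate, password_problems(candidate, PERSONAL, EXISTING) or "OK")
```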

What are Password Managers?

A password manager is like a high-security vault for your login credentials and other information. This vault will quickly spit out anything you need, and you don’t even need to remember what’s inside.

These services naturally steer users away from lousy password habits like the ones mentioned in the previous section. By automatically generating stronger passwords, users avoid the repeated and short passwords that are easy prey for hackers.

Additionally, password managers automatically fill in the login credentials for any site on which the user has an account, removing the need to memorize many passwords. Password managers are beneficial for people with multiple emails or social media accounts.

Normally, keeping every password in one place would be unwise. However, password managers use the same protection as most banks and security firms, 256-bit AES encryption. The National Security Agency recognizes this encryption for its safety and as one of the most mathematically complex protocols available.

