Aubrey and Lloyds Guide to the ten top techniques hackers can use to crack your password
1. Malware attacks
In this hacking attack a screen scraper or key logger will be used, so that whenever you type anything the keystrokes are logged or a screenshot is taken and the details forwarded to the hacker. Simples!
2. The Social engineering hack
This takes the "ask the user for the password" idea away from the inbox. Typically a phone call will come in from someone claiming to be a tech guy who is phoning to sort out a problem with your system, and who will then ask for the login details. Some have even donned suits and turned up at businesses in person!
3. The Dictionary attack
This hack uses a simple file that contains words found in a dictionary. It works by trying the words that many people commonly use when they pick a password. You might think that bunching words together, as in allowmein, might fool the hackers, but sadly it won't!
4. The Phishing scam
We should all be familiar with the phishing scam by now. It works by getting the recipient to click through to a fake login page for the service the hacker is trying to access, inviting the recipient to put right some awful problem that has arisen with their security. The page will then skim the person's password. Not so much hacking as just asking for and being given the password!
5. The Brute Force Attack
As well as common dictionary words, this hack tries non-dictionary alphanumeric combinations, working right the way through from a1 to the end of the alphabet. This will take the hacker longer if your password is relatively long, but he or she will eventually crack your code!
6. The Rainbow table attack
The analogy to gold at the end of the rainbow is very true where the hacker is concerned, because if he can crack your password there might well be gold at the end of his rainbow. The rainbow table the hackers use will include hashes of word combinations that have been pre-computed for whichever hashing algorithm is involved. This type of approach means the hacker does not have to crack a password so much as just look it up on a list. It does, however, need some serious computing power.
7. The shoulder surf
Believe it or not, hackers sometimes show up pretending to be a service engineer or a delivery courier, or anything else that they think will get them into the premises. Looking official, they can then wander at will, unchallenged, and literally look over the shoulders of staff, taking note of passwords and anything else they want to see, as well as passwords written on post-its or other aide-memoires.
8. The Spider hack
Some hackers have come to realize that a lot of passwords in companies will contain words that are business-connected. Looking at information about the business, any sales materials and the websites of direct competitors and of the customers of the business will help them to build a customised word list that they can then use in a ‘brute force attack’.
9. Code cracking offline
When you know that you will only get three or four chances to put in your password before you get locked out, you might think that you are super-safe where hacking is concerned. Unfortunately that is not true, because more often than not hacking of passwords is accomplished offline after a system has been compromised, often through a previous hack carried out on a third party that lets the hacker into your system and the password hash file.
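The storage-side defence against the rainbow table and offline cracking described in sections 6 and 9, as an added example that is not part of the original guide: an unsalted fast hash can be looked up in a pre-computed list, while a per-user random salt with a slow key-derivation function cannot. The sample passwords, the small lookup dictionary standing in for a real table, and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a stand-in for a precomputed table, mapping the
# unsalted SHA-256 hash of each common password back to the password.
COMMON_PASSWORDS = ["password", "letmein", "allowmein"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def hash_unsalted(password):
    """Weak storage: the same password always yields the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password, salt=None):
    """Hardened storage: random per-user salt plus a deliberately slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify_salted(password, record):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(record["salt"]), record["iterations"]
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def table_lookup(stored_hash):
    """What a stolen hash file exposes: a direct lookup, no guessing needed."""
    return PRECOMPUTED.get(stored_hash)


if __name__ == "__main__":
    weak = hash_unsalted("allowmein")
    strong = hash_salted("allowmein")
    print("unsalted lookup:", table_lookup(weak))
    print("salted lookup:  ", table_lookup(strong["hash"]))
    print("login still works:", verify_salted("allowmein", strong))
```

Because every record carries its own salt, two users with the same password get different hashes, so one pre-computed list no longer covers the whole hash file.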
10. The Guessing approach
In actual fact, how predictable we are is always going to be the hacker’s best tool. Unless you use a truly random password created by software that is dedicated to that, a user-generated random password is never likely to be that! What will happen is that our brains' emotional response to things like our pets, our family, hobbies and suchlike will be how we choose that password. Details of those people and pets and 10k runs will be on social media where we have entered them, so this can be an easy job for a hacker. Any password cracker worth his or her salt will soon get to a correct educated guess of a consumer-level password without ever needing to resort to a brute force or dictionary attack.
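A check a service could run when a password is chosen, covering the weaknesses in sections 3, 8 and 10 (added example, not part of the original guide): it rejects passwords that are just known words bunched together, such as allowmein, including business-connected words and personal details, even with swapped characters or digits tacked on the end. The word lists, company name and personal names are constructed samples, and screen_password and segment are hypothetical helper names.

```python
import re

# Constructed sample word list (an assumption; a real deployment would load a
# large common-password and dictionary list).
COMMON_WORDS = {"allow", "me", "in", "let", "password", "summer", "dragon"}

# Undo the usual character swaps ("P@ssw0rd") before checking.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def segment(text, vocab):
    """Return the vocab words that exactly tile `text`, or None if none do."""
    best = [None] * (len(text) + 1)  # best[i] = a segmentation of text[:i]
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is not None and text[start:end] in vocab:
                best[end] = best[start] + [text[start:end]]
                break
    return best[len(text)]


def screen_password(password, business_words=(), personal_words=()):
    """Return the guessable words a password is built from, or None if clean."""
    vocab = COMMON_WORDS | {w.lower() for w in business_words} \
                         | {w.lower() for w in personal_words}
    lowered = password.lower()
    # People tack digits and symbols onto the end ("Rex2019!"); drop them.
    core = re.sub(r"[\d\W_]+$", "", lowered)
    for candidate in (lowered, core, core.translate(LEET)):
        words = segment(candidate, vocab) if candidate else None
        if words:
            return words
    return None


if __name__ == "__main__":
    company = ["Acme", "Widgets"]   # constructed: words from a company website
    personal = ["Emma", "Rex"]      # constructed: names visible on social media
    for pw in ["allowmein", "P@ssw0rd", "AcmeWidgets2024!", "emmarex1",
               "kV9#tQ2w!xLp"]:
        print(pw, "->", screen_password(pw, company, personal))
```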
At Aubrey and Lloyds we have seen it all, and we hope this guide will help you be aware of what is out there so that you can take precautions against having your password hacked!