DATA DOCTORS

Here’s how hackers are able to crack your passwords

Feb 27, 2021, 7:15 AM
(Photo by Tomohiro Ohsumi/Getty Images)

Q: How can hackers try millions of passwords at a time when I will get locked out after 3 failed attempts?

A: Passwords continue to be the primary target of cybercriminals because they represent the “keys to your kingdom,” especially when it comes to your email account.

Online security tools such as Gibson Research’s Haystack tool show you just how quickly any short password can be cracked, but it’s based on billions and trillions of guesses per second.

Tools like this show how fast a ‘brute force’ attack, which typically occurs offline, can break shorter passwords.

Offline Password Cracking

Your question is a common one because most people assume that password hacking is done through the same interface as we all use to log into our accounts, but that’s not the typical approach.

All of the websites that require you to enter a password store those passwords using some form of what’s known as ‘hashing’. This means that your password is converted into a seemingly random string of characters that looks nothing like your actual password before it gets stored on their servers.

As an example, the common password “monkey” in MD5 hashing will always be stored as “d0763edaa9d9bd2a9516280e9044d885”, which is child’s play for a computer to match back to the original word.

Most offline cracking activity begins after a breach has occurred and the database of ‘hashed’ passwords is stolen and saved elsewhere to be worked on.

Think of it as a bank robber stealing the vault and cracking it somewhere else vs. trying to crack open the vault at the bank itself.

Brute force attacks are essentially a guessing game that pits computing power against the length of your password, which is why creating a longer password is always better.

It’s simple math, as every combination of letters, numbers and special characters can be tried in milliseconds if there is enough computing power available.

In the Haystack tool, you will see that any 8-character password can be broken in just over 1 minute.

As you add additional characters, the time to crack them goes up because each additional character exponentially increases the number of guesses required.

Given enough time, all passwords can be cracked, so what you want to do is create long enough passwords that aren’t worth the time to crack.
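The math behind that kind of estimate, as an added example (not code from this column or from the Haystack tool): it counts every possible password up to a given length and divides by a guess rate. The rate of 100 trillion guesses per second and the 95-character alphabet are assumptions, chosen because together they reproduce the "just over 1 minute" figure for 8 characters.

```python
import string

# Assumption (not stated in the article): an offline rig making 100 trillion
# guesses per second, a rate that reproduces the "just over 1 minute" figure.
ASSUMED_GUESSES_PER_SECOND = 100e12

# Character classes and their sizes: 26 + 26 + 10 + 33 = 95 printable characters.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def alphabet_size(password):
    """Size of the smallest alphabet that covers every character used."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def search_space(length, alphabet=95):
    """Number of candidates of length 1..length over the given alphabet."""
    return sum(alphabet ** k for k in range(1, length + 1))


def seconds_to_exhaust(length, alphabet=95, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed guess rate."""
    return search_space(length, alphabet) / rate


def humanize(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    for n in range(8, 17, 2):
        print(f"{n:2d} chars, full alphabet: {humanize(seconds_to_exhaust(n))}")
    # Constructed sample: a lowercase-only password has a far smaller alphabet.
    sample = "monkey"
    a = alphabet_size(sample)
    print(sample, a, humanize(seconds_to_exhaust(len(sample), a)))
```

Each extra character multiplies the total by roughly the alphabet size, which is why length matters more than any other single choice.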

Other Password Hacking Techniques

Brute Force is just one of many methods hackers use to crack passwords, which is why it’s so important to use a different long password for each of your online accounts.

There are ‘Dictionary attacks’, which use every word and any combination of those words that can be found in a dictionary.

‘Rainbow Table attacks’ use a kind of known-password database: the hashes for all of the possible password combinations have been pre-computed, for all of the most common hashing techniques, in one big table. This greatly reduces the time it takes to crack a password because it becomes a simple lookup exercise.
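Why the lookup works against plain MD5 and fails against salted storage, as an added example (not code from this column): a small pre-computed dictionary stands in for a real rainbow table, which uses hash chains to save space but rests on the same principle. The password list, the function names and the PBKDF2 work factor are assumptions made for this example.

```python
import hashlib
import hmac
import os

# Constructed sample list standing in for a "known passwords" database.
COMMON_PASSWORDS = ["123456", "password", "monkey", "qwerty", "letmein"]

# Pre-computed once, reusable against every unsalted MD5 database.
PRECOMPUTED_MD5 = {hashlib.md5(p.encode()).hexdigest(): p
                   for p in COMMON_PASSWORDS}

ITERATIONS = 600_000  # assumed work factor for this example


def store_weak(password):
    """Unsalted MD5: the same password always yields the same stored value."""
    return hashlib.md5(password.encode()).hexdigest()


def store_strong(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256: a random per-user salt plus a slow hash."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_strong(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def lookup(stored_hex):
    """What a pre-computed table gives: a dictionary lookup, no guessing."""
    return PRECOMPUTED_MD5.get(stored_hex)


if __name__ == "__main__":
    weak = store_weak("monkey")
    print("MD5 stored value:", weak, "-> table says:", lookup(weak))
    salt_a, digest_a = store_strong("monkey")
    salt_b, digest_b = store_strong("monkey")
    print("Same password, two users, equal digests?", digest_a == digest_b)
    print("Table hit on salted digest:", lookup(digest_a.hex()))
    print("Legitimate login still works:", verify_strong("monkey", salt_a, digest_a))
```

Because every user gets a different salt, a table built in advance matches nothing, and the slow hash makes each fresh guess far more expensive than a single MD5.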

Although these attacks have been around since the beginning, sophisticated phishing and social engineering schemes are a faster way to get real passwords that can be exploited, which is why they continue to grow and evolve.
