DATA DOCTORS

Here’s how hackers are able to crack your passwords

Feb 27, 2021, 7:15 AM

(Photo by Tomohiro Ohsumi/Getty Images)...

(Photo by Tomohiro Ohsumi/Getty Images)

(Photo by Tomohiro Ohsumi/Getty Images)

Q: How can hackers try millions of passwords at a time when I will get locked out after 3 failed attempts?

A: Passwords continue to be the primary target of cybercriminals because they represent the “keys to your kingdom,” especially when it comes to your email account.

Online security tools such as Gibson Research’s Haystack tool show you just how quickly any short password can be cracked, but it’s based on billions and trillions of guesses per second.

Tools like this are showing how fast a ‘brute force’ attack can break shorter passwords, which typically will occur offline.

Offline Password Cracking

Your question is a common one because most people assume that password hacking is done through the same interface as we all use to log into our accounts, but that’s not the typical approach.

All of the websites that require you to enter a password store those passwords using some form of what’s known as ‘hashing’. This means that your password is converted into a random string of characters that looks nothing like your actual password before it gets stored on their servers.

As an example, the common password “monkey” in MD5 Hashing will always be stored as “d0763edaa9d9bd2a9516280e9044d885” which is child’s play for a computer to convert back to the original word.

Most offline cracking activity begins after a breach has occurred and the database of ‘hashed’ passwords are stolen and saved elsewhere to be worked on.

Think of it as a bank robber stealing the vault and cracking it somewhere else vs. trying to crack open the vault at the bank itself.

Brute force attacks are essentially a guessing game that pits computing power against the length of your password, which is why creating a longer password is always better.

It’s simple math as every combination of letters, numbers and special characters can be tried in milliseconds if there is enough computing power available.

In the Haystack tool, you will see that any 8-character password can be broken in just over 1 minute.

As you add additional characters, the time to crack them goes up because each additional character exponentially increases the number of guesses required.

Given enough time, all passwords can be cracked, so what you want to do is create long enough passwords that aren’t worth the time to crack.

Other Password Hacking Techniques

Brute Force is just one of many methods hackers use to crack passwords, which is why it’s so important to use a different long password for each of your online accounts.

There are ‘Dictionary attacks’, which use every word and any combination of those words that can be found in a dictionary.

‘Rainbow Table attacks’ use a form of known password databases because they’ve pre-computed all of the possible password combinations for all of the most common hashing techniques in one big table. This greatly reduces the time it takes to crack a password because it becomes a simple lookup exercise.

Although these attacks have been around since the beginning, sophisticated phishing and social engineering schemes are a faster way to get real passwords that can be exploited, which is why they continue to grow and evolve.

Data Doctors

Many of the fake videos you’ll encounter are likely to be viewed on your smartphone, which can ma...

Data Doctors

Here are all the tips we know regarding how to spot deep fake videos

Many of the fake videos you’ll encounter are likely to be viewed on your smartphone, which can make detection a bit more difficult.

3 days ago

Patrick Mahomes #15 and head coach Andy Reid of the Kansas City Chiefs are recorded on a phone as t...

Data Doctors

Handy tech tips all Valley residents should use to find lost phones in a snap

Q: My phone went missing, and I haven’t been able to locate it using the Find My service, so what should I do next?

10 days ago

(Pexels Photo)...

Ken Colburn, Data Doctors

Here are tips for freeing up Google storage space

Google provides a generous amount of free online storage but it can fill up quickly depending on how many of its resources you use.

17 days ago

Discover how to assess, estimate, and shop for the right battery pack with this concise guide. (Pex...

Data Doctors

Here is everything you need to know for testing and buying battery banks

Discover how to assess, estimate and shop for the right battery pack with this concise guide.

24 days ago

(Pexels Photo)...

Ken Colburn, Data Doctors

Here are the truly free smartphone video editing apps

The processing power on our smartphones has grown exponentially, allowing anyone to perform sophisticated video editing easily.

1 month ago

Google Maps app....

Data Doctors

How to rediscover places visited years ago on Google maps

Whether you're an Android or iOS user, or prefer accessing Google Maps on your computer, you'll find step-by-step instructions to unlock your travel memories effortlessly.

1 month ago

Sponsored Articles

...

Condor Airlines

Condor Airlines can get you smoothly from Phoenix to Frankfurt on new A330-900neo airplane

Adventure Awaits! And there's no better way to experience the vacation of your dreams than traveling with Condor Airlines.

...

DESERT INSTITUTE FOR SPINE CARE

Desert Institute for Spine Care is the place for weekend warriors to fix their back pain

Spring has sprung and nothing is better than March in Arizona. The temperatures are perfect and with the beautiful weather, Arizona has become a hotbed for hikers, runners, golfers, pickleball players and all types of weekend warriors.

...

Day & Night Air Conditioning, Heating and Plumbing

Day & Night is looking for the oldest AC in the Valley

Does your air conditioner make weird noises or a burning smell when it starts? If so, you may be due for an AC unit replacement.

Here’s how hackers are able to crack your passwords