How Do Hackers Steal Passwords? It’s Easier than You Think

Hackers steal passwords like it’s second nature. Protect yourself ... photo by CC user Colin on Wikimedia Commons

When you discover that you are the victim of a hacker, your first reaction is likely to be one of confusion. How is this even possible? How could someone possibly steal my password? This is especially likely when you feel like you’ve followed all of the password “rules,” like not sharing your logins with anyone else and not using easy-to-guess codes.

Still, it happens, and often, it’s surprisingly simple for hackers to get your credentials. In fact, it’s estimated that two out of every three data breaches stem from stolen or weak login credentials. But how exactly do hackers steal passwords? As it turns out, there are several methods.

1. Stolen Data

When hackers manage to steal data, rarely do they keep it for themselves. Often, the purpose of their activities is to make money, and they do so by selling the data that they steal, which is often usernames and passwords. In some cases, this information is even made publicly available online, and those who know where to find it take the information and try it on several sites. Because so many people use the same login information for many sites, often all it takes is for a criminal to find the information for one site to gain access to your entire online life.

2. Trial and Error

Hackers often use programs that will try out potential passwords, usually dictionary words, in an attempt to get a match. Most of your high-value accounts, like your bank and email, will lock the account after so many attempts, so usually these programs attempt to log into accounts that don’t lock them out after repeated guesses. But, because so many passwords are used repeatedly, once the hacker has figured out one of your combinations, he or she will then use it to gain access to your more valuable accounts.

3. Social Media

It’s very likely that, thanks to your Facebook, Instagram, and Twitter accounts, you are giving hackers exactly what they need to steal your passwords. How? Usually, the information that hackers need to answer security questions and change or view your login information is contained right in your profile.

Details like your family names, favorite color, sports team, food, and vacation spot can be gleaned from your profile. To protect against nosy hackers who want to steal your identity, keep your accounts as private as possible, and use fake answers when you create your security settings to throw hackers off the trail.

Also, be aware of phishing scams. Hackers often try to steal information by sending phishing emails requesting login details. Remember that a legitimate company will never request your password via email. If in doubt about an email you receive, contact the company in question directly to confirm; never click on a link.

4. Wi-Fi Spying

Any time you connect to Wi-Fi using an unsecured connection, whether at home or out in public, it’s possible that a hacker could be listening in and collecting everything that you send over the network, from login details to emails. Criminals are known to hang out in places where people tend to use Wi-Fi, such as cafes, airports, and tourist destinations, and just wait for emails and passwords to come their way.

Protecting Your Passwords

Given that it is so easy for hackers to steal passwords, is there anything that you can do to protect your accounts? Actually, there are several things.

1. Use a password manager. Because most people would rather clean the toilet than come up with new, secure passwords, a password manager is a useful tool for creating and storing unique credentials. Instead of remembering all of your dozens of logins — or reusing the same passwords repeatedly — the password manager will create a unique, strong password and keep it secure. All you need to do is remember the single login for the manager.

2. Use two-factor authentication. Two-factor authentication, in which you need to provide a token, a one-time-use code, or other credential in addition to your username and password, can keep hackers out even if they somehow snag your login. Many websites will also send a notification when your account is accessed from a new device or location. Enable this feature and be alert to suspicious login attempts that could indicate your account has been compromised.

3. Follow password best practices. While a password manager does most of these for you, keep in mind the best practices for passwords: eight characters or longer; combine letters, numbers, and symbols; avoid dictionary words; don’t reuse passwords; and avoid storing them on mobile devices that can be lost or stolen.
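
The best practices above can be checked automatically, much as a password manager audits its own vault. The following is an added example, not code from the original article; the wordlist, site names and passwords are constructed sample data, and the function names are hypothetical.

```python
import string
from collections import defaultdict

# Constructed sample wordlist (an assumption); a real audit would load a full one.
DICTIONARY = {"password", "dragon", "sunshine", "football", "welcome"}
LEET = str.maketrans("@0$31", "aosei")  # undo common character swaps


def contains_dictionary_word(password):
    """True if a wordlist entry survives once swaps, digits and symbols are removed."""
    letters = "".join(c for c in password.lower().translate(LEET) if c.isalpha())
    return any(word in letters for word in DICTIONARY)


def rule_violations(password):
    """Check one password against the length, character-mix and dictionary rules."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than eight characters")
    kinds = [str.isalpha, str.isdigit, lambda c: c in string.punctuation]
    if not all(any(kind(c) for c in password) for kind in kinds):
        problems.append("does not combine letters, numbers, and symbols")
    if contains_dictionary_word(password):
        problems.append("contains a dictionary word")
    return problems


def audit_vault(vault):
    """Map each site to its rule violations, plus any reuse on other sites."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    report = {}
    for site, password in vault.items():
        problems = rule_violations(password)
        others = sorted(s for s in sites_by_password[password] if s != site)
        if others:
            problems.append("reused on " + ", ".join(others))
        report[site] = problems
    return report


# Constructed vault: site names and passwords are made up for illustration.
SAMPLE_VAULT = {
    "bank.example": "P@ssw0rd1!",
    "mail.example": "P@ssw0rd1!",
    "forum.example": "dragon",
    "shop.example": "vK7#qLz9!tRw",
}
```

Calling `audit_vault(SAMPLE_VAULT)` returns an empty list only for `shop.example`. The password shared by the bank and mail entries passes the length and character-mix rules yet is still flagged, both as a disguised dictionary word and as reused.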

Keeping your passwords secure is the best way to avoid becoming a victim of hackers. The harder you make it for them to succeed, the better off everyone will be.