
What Tricks Do Hackers Use To Obtain Passwords For Their Prey? What Is A Brute Force Attack? What Are The Methods Of Protection Against It?

Hackers are always lying in ambush, and passwords are not safe from them. But have you ever wondered how a hacker gets passwords?

We live in an age where passwords have become one of our most common tools for securing our information and accounts, such as bank accounts, web accounts, social media accounts, and more. 

Some of the methods used by hackers are much simpler than they seem. The 7 major tricks that hackers use to obtain passwords for their prey are:

  • Dictionary
  • Brute Force
  • Phishing
  • Social Engineering
  • Rainbow Table
  • Malware / Keylogger
  • Spidering

In the following, we want to introduce the first three techniques to you.

Dictionary

One of the most common methods a hacker uses to obtain passwords is a dictionary. In fact, the dictionary contains a list of the most commonly used passwords that users use, such as 123456, password, qwerty, and many other examples that we may have used ourselves over and over again. 

A hacker tries all these simple and common passwords to hack your account, hoping that one of them is your password. If you have chosen a single password for all your accounts, the situation gets worse, because hacking one of them means hacking all your accounts!

For this reason, we recommend that you choose a separate, unique, and complex password for each of your accounts, because the passwords in this dictionary are hacked very quickly by hackers.

Brute Force

In this method, the hacker tries all possible combinations of characters to obtain the password. But in this method, too, the hacker starts his work using the widely used combinations in the dictionary technique.

In this method, the time that the hacker needs to obtain a password varies depending on the length of your password, and symbols such as !, {, }, ], [, @, etc. make it very difficult to hack the password through this trick. So do not forget to use these characters in passwords.

Phishing

The phishing attack is not as strong as the hack, but unfortunately, it has caught many users today. In this type of attack, the hacker designs a website with a fake address that is very close to the original address and is the same as the original website in terms of graphic design. It then sends this address to the user via email, etc. 

At first glance, everything seems to be right and the user thinks that he has been directed to the main and reputable website. He then enters his information, such as his bank card password, and this is where the hacker reaches his target, obtains his account information, and abuses it. 

For this reason, it is very important to pay attention to the website address (exact website URL).

What Is A Brute Force Attack? What Are The Methods Of Protection Against It?

If you are interested in the world of security, in this article we will mention the brute force attack, which is one of the simplest and at the same time the most successful types of attacks to obtain a password.

Security has always been a concern for all of us. This issue becomes even more important in the virtual world. In the virtual world, various attacks can endanger the security of users. 

One of the types of attacks in the security world is the brute force attack. In the rest of this article, we explain this attack and how to protect against it.

 

What is a brute force attack?

This type of attack, which translates as a brutal attack, is one of the most popular and, of course, the simplest types of attacks. Some claim it constitutes up to 5% of successful security breach attacks, which makes it one of the most successful types of attacks.

In a brute force attack, the hacker tries to arrive at the password set by the user by trying all possible passwords.

There are different types of brute force attacks, which are mentioned below:

Simple brute force attack: In this method, the hacker uses a systematic method of guessing the password, without considering any external rules.

Hybrid brute force attack: In this method, the hacker first uses external rules to determine which passwords are more likely and then tests possible changes to get closer to the real password.

Dictionary attack: In this method, the hacker uses a dictionary containing possible strings to obtain the desired password.

Reverse Brute Force Attack: In this method, the hacker uses one or a group of very commonly used passwords among the general public and tries these passwords on different usernames. 

In this way, the hacker targets a network of users who have used known passwords that previous hackers have been able to obtain.

Credential stuffing: In this method, the hacker uses pairs of usernames and passwords to log in to other websites. This works because many users use the same username and password for different types of accounts on different websites.
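From the defender's side, the attack types above leave different shapes in failed-login logs. The following is an added example, not code from the original article: the sample events, the function name and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of failed-login events: (source_ip, username).
# Passwords are deliberately absent; a server should never log them.
FAILED_LOGINS = (
    [("198.51.100.7", "alice")] * 12                      # one account, many guesses
    + [("203.0.113.9", f"user{i}") for i in range(15)]    # many accounts, one guess each
    + [("192.0.2.4", "bob"), ("192.0.2.4", "bob")]        # ordinary typos
)

def classify_sources(events, per_user_limit=10, distinct_user_limit=10):
    """Label each source by the shape of its failed logins.

    The two limits are illustrative assumptions, not recommended values.
    """
    per_source = defaultdict(lambda: defaultdict(int))
    for source, user in events:
        per_source[source][user] += 1

    verdicts = {}
    for source, users in per_source.items():
        if max(users.values()) >= per_user_limit:
            # Many failures against a single username:
            # simple, hybrid or dictionary guessing.
            verdicts[source] = "brute-force"
        elif len(users) >= distinct_user_limit:
            # A few failures each across many usernames: reverse brute
            # force or credential stuffing look alike in failure logs.
            verdicts[source] = "reverse-brute-force-or-stuffing"
        else:
            verdicts[source] = "normal"
    return verdicts

if __name__ == "__main__":
    for source, verdict in classify_sources(FAILED_LOGINS).items():
        print(source, verdict)
```

Counting failures per username alone would miss the second pattern entirely, because each targeted account sees only one or two failed attempts.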

How to prevent a brute force attack?

To protect your personal information and the information of the organization in which you work, you must pay good attention to security issues.

 In other words, in a network such as a company or an organization, the weakest member present in the organization in terms of security is the point that allows the hacker to access the information of that organization.

 Therefore, following simple but practical principles will protect you and your organization from all kinds of attacks. 

Some of the tips that can prevent your passwords from being hacked by brute force method are:
  • Do not use any information such as name, surname, date of birth, etc. that you have shared on the Internet and that is available
  • Use strong combinations of letters, numbers, and symbols in passwords
  • Use a different password for each of your accounts
  • Do not use common patterns and leaked passwords that are used by many people, such as 123password, etc. (see the poor and known passwords section)
  • Use longer passwords to make the brute force attack harder and more time consuming
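The tips above can be turned into an automated check at the point where a password is chosen. This is an added example, not code from the original article: the function name, the 12-character minimum and the three-character-type rule are assumptions, and the weak-password set reuses only passwords named on this page.

```python
import math
import string

# Weak passwords named on this page, lower-cased for comparison.
COMMON = {"qwerty", "123456", "abcdef123", "a123456", "abc123", "password",
          "asdf", "hello", "welcome", "654321", "987654321", "123password"}

# Character classes and the alphabet size each adds to an exhaustive search.
CLASSES = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
           (string.digits, 10), (string.punctuation, 32)]

def check_password(password, personal_info=(), min_length=12):
    """Return (problems, bits) for a candidate password.

    bits is the size of the exhaustive search space in bits. It is an
    upper bound only: a common password falls to a dictionary long
    before the whole space has been tried.
    """
    used = [size for chars, size in CLASSES
            if any(c in chars for c in password)]
    lowered = password.lower()
    problems = []
    if lowered in COMMON:
        problems.append("common password")
    if len(password) < min_length:  # min_length is an assumed policy value
        problems.append("too short")
    if any(len(p) >= 3 and p.lower() in lowered for p in personal_info):
        problems.append("contains personal information")
    if len(used) < 3:  # assumed rule: at least three character types
        problems.append("fewer than three character types")
    alphabet = sum(used)
    bits = len(password) * math.log2(alphabet) if alphabet else 0.0
    return problems, bits

if __name__ == "__main__":
    samples = [("Password", ()),
               ("Alice1990!zzQ", ("Alice", "1990")),
               ("t7#Vq9!mZr2$Lp", ())]
    for candidate, info in samples:
        problems, bits = check_password(candidate, info)
        print(f"{candidate!r}: {bits:.0f} bits, problems={problems}")
```

Reuse of one password across accounts cannot be detected by a check like this, so that tip still depends on the user.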

 

Poor and known passwords

Since we all have accounts on many websites today, we usually use a single password on all of them so that we do not forget the passwords.

 On the other hand, many people usually use simple passwords for their accounts, which in itself makes the brute force attack more successful. Among these common and simple passwords we can mention the following:

  • Qwerty
  • 123456
  • abcdef123
  • a123456
  • abc123
  • Password
  • asdf, hello
  • welcome
  • 654321
  • 987654321
  • And…

 

Of course, it should be noted that security is always a relative issue. The security methods used today provide the necessary security given the processing power of current systems, but they may break as technology advances and the processing power of systems increases, which can make passwords that are currently secure very simple to crack.