How The Heck Did They Crack My Password?

They cracked my password, but how?


Your account has been hacked! This realization sends your blood pressure through the roof and you feel sick to your stomach. Your immediate first thought: how the heck did they get MY password? That thought is quickly followed by two more: what have they done with it, and how much damage are they doing right now?

The answer to those questions can be found in our article, "I've been hacked! Now what?" Right now, though, let's focus on how we got to this point.

Here Are Several Methods That The Bad Guys May Have Used to Obtain Your Password:

1. Data Breaches

It may not even be your fault. One way a hacker may have obtained your password is via a massive corporate data breach. Unfortunately, data breaches have become a fact of life these days. It seems like every other day there is some news story about a large corporation falling victim to a hack attack resulting in the exposure of customer information, oftentimes including passwords.

As soon as you hear about a data breach possibly involving one of your accounts, you should take immediate action. One of the first steps is to change the password on the affected account as soon as the organization affected by the breach says it's safe to do so.

2. Your Password Was Too Simple

Sometimes a password that is too simple can be a hacker's way into your account. Hackers can use brute force cracking tools, password dictionary tools, and other means to obtain your password.

The simpler your password, the less time it takes to crack.

Make your password as long as is allowable by the system that you're using. Make your password complex and random. Avoid using whole words or parts of words when creating a password as these are easily crackable by hacker tools.

Avoid easy keyboard combinations (e.g., 123456 or qwerty).

Review these tips for Creating a Strong Password, and learn more about password cracking in our article on Password Cracking With Rainbow Tables.
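The rules above (length, no whole words, no easy keyboard combinations) can be checked in code. The following Python sketch is an added example, not part of the original article; the word lists are small constructed samples, and the 12-character minimum and 4-character run length are assumed policy values.

```python
import math
import string

# Constructed sample lists; a real check would load a large breached-password
# list and a full dictionary instead.
COMMON = {"123456", "password", "qwerty", "letmein", "111111"}
WORDS = {"summer", "coffee", "dragon", "monkey", "password", "welcome"}
# Keyboard rows and ordered sequences behind "easy keyboard combinations".
RUNS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "0123456789", string.ascii_lowercase]
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]


def keyspace_bits(pw):
    """Upper bound on brute-force effort: length * log2(alphabet size)."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def has_run(pw, n=4):
    """True if pw holds n adjacent keys or characters in order, either direction."""
    low = pw.lower()
    for run in RUNS:
        for seq in (run, run[::-1]):
            if any(seq[i:i + n] in low for i in range(len(seq) - n + 1)):
                return True
    return False


def review(pw, min_len=12):  # min_len=12 is an assumed policy value
    """Return the list of rules the password breaks (empty list = none)."""
    low = pw.lower()
    findings = []
    if len(pw) < min_len:
        findings.append("too short")
    if low in COMMON:
        findings.append("common password")
    if any(w in low for w in WORDS):
        findings.append("contains dictionary word")
    if has_run(pw):
        findings.append("keyboard or sequence run")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ["123456", "qwerty", "Summer2024!!", "k7#Vq2!xR9@tLw4$"]:
        print(f"{pw!r}: {keyspace_bits(pw):.0f} bits, findings={review(pw)}")
```

Note that "Summer2024!!" scores well on raw keyspace yet is still flagged: the bit count only bounds a pure brute-force search, while dictionary tools try words first.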

3. Sniffing Your Network Traffic (Evil Twin Hotspot or by Other Means)

So you're at the coffee shop surfing the Internet on your notebook, minding your own business. What you don't realize is that hackers may be listening in on all of your network traffic.

Another method hackers use to obtain passwords is setting up phony Wi-Fi hotspots in public areas. These hotspots, known as Evil Twins, may be given the same name as a legitimate hotspot in hopes that victims will mistakenly connect to the phony one instead of the real one. Once victims are connected to the "Evil Twin" hotspot, hackers can eavesdrop on the data stream and potentially intercept passwords without victims even knowing it.

4. Cracked Wi-Fi

If your Wi-Fi network password isn't complex enough, then you might have it cracked by Wi-Fi hackers. If you're using outdated wireless encryption such as the highly crackable Wired Equivalent Privacy (WEP) encryption, then there is a very strong chance that your network could be "owned" in a matter of minutes.

Cracking WEP has become a trivial task thanks to free WEP cracking tools that are available on the Internet for anyone to download.

Change your wireless network security standard to WPA2 (or better if available). You should also choose a wireless network password that isn't easily guessed or cracked. Follow the same rules as above for creating a strong password when you set your wireless network password.

Additionally, your network's name or SSID can be a security risk as well. You should make sure that you're not using a default network name or a common one. To learn the reasons why this is a bad thing, read our article: Is Your Wireless Network Name a Security Risk.