There are number of methods out their used by hackers to hack
your account or get your personal information. Today in this post i
will share with you guys 6 Most commonly used method to crack password
and their countermeasures. You must check out this article to be safe
and to prevent your online accounts from hacking.
1. BruteForce Attack
Any password can be cracked using Brute-force attack. Brute-force
attacks try every possible combinations of numbers, letters and special
characters until the right password is match. Brute-force attacks can
take very long time depending upon the complexity of the password. The
cracking time is determined by the speed of computer and complexity of
the password.
Countermeasure: Use long and
complex passwords. Try to use combination of upper and lowercase
letters along with numbers. Brute-force attack will take hundreds or
even thousands of years to crack such complex and long passwords.
Example: Passwords like "iloveu" or "password" can be cracked easily whereas computer will take years to crack passwords like "aN34lL00"
2. Social Engineering
Social engineering is process of manipulating someone to trust you and
get information from them. For example, if the hacker was trying to get
the password of a co-workers or friends computer, he could call him
pretending to be from the IT department and simply ask for his login
details. Sometime hackers call the victim pretending to be from bank and
ask for their credit cards details. Social Engineering can be used to
get someone password, to get bank credentials or any personal
information.
Countermeasure: If someone
tries to get your personal or bank details ask them few questions. Make
sure the person calling you is legit. Never ever give your credit card
details on phone.
Social engineering is process of manipulating someone to trust you and
get information from them. For example, if the hacker was trying to get
the password of a co-workers or friends computer, he could call him
pretending to be from the IT department and simply ask for his login
details. Sometime hackers call the victim pretending to be from bank and
ask for their credit cards details. Social Engineering can be used to
get someone password, to get bank credentials or any personal
information.
3. Rats And Keyloggers
In keylogging or RATing the hacker sends keylogger or rat to the victim.
This allows hacker to monitor every thing victim do on his computer.
Every keystroke is logged including passwords. Moreever hacker can even
control the victims computer.
Countermeasure: Never login to your bank account from cyber cafe or
someone else computer. If its important use on-screen or virtual
keyboard while tying the login. Use latest anti-virus software and keep
them updated. Check out below article to know more about Rats and
Keyloggers.
- What Is Rat
- What Is Keylogger And How To be Safe From Keylogger?
4.Phishing
Phishing is the most easiest and popular hacking method used by hackers
to get someone account details. In Phishing attack hacker send fake page
of real website like facebook, gmail to victim. When someone login
through that fake page his details is send to the hacker. This fake
pages can be easily created and hosted on free web-hosting sites.
Countermeasure: Phishing
attacks are very easy to avoid. The url of this phishing pages are
different from the real one. For example URL of phishing page of
facebook might look like facbbook.com (As you can see There are two
"b"). Always make sure that websites url is correct. Check out below
article to know more about phishing.
All About Phishing And How To Be Safe From Phishing ?
5. Rainbow Table
A Rainbow table is a huge pre-computed list of hashes for every possible
combination of characters. A password hash is a password that has gone
through a mathematical algorithm such as md5 and is transformed into
something which is not recognizable. A hash is a one way encryption so
once a password is hashed there is no way to get the original string
from the hashed string. A very commonly used hashing algorithm to store
passwords in website databases is MD5. It is almost similar to
dictionary attack, the only difference is, in rainbow tables attack
hashed characters are used as passwords whereas in dictionary attack
normal characters are used as passwords.
Example: ‘hello’ in md5 is 5d41402abc4b2a76b9719d911017c592 and zero length string ("") is d41d8cd98f00b204e9800998ecf8427e
Countermeasure: Make sure
you choose password that is long and complex. Creating tables for long
and complex password takes a very long time and a lot of resources
6. Guessing
This seems silly but this can easily help you to get someones password
within seconds. If hacker knows you, he can use information he knows
about you to guess your password. Hacker can also use combination of
Social Engineering and Guessing to acquire your password.
Countermeasure: Don't use
your name, surname, phone number or birthdate as your password. Try to
avoid creating password that relates to you. Create complex and long
password with combination of letters and numbers.
EmoticonEmoticon