How Do Hackers Get Passwords?

Password Hack Image

Password hacking

As we know, a password is a valuable piece of information. It is the first line of defense to prevent unwanted access to our computers and many online accounts. Hence, it should remain a top-guarded secret.

Unfortunately, password hacking is the dream of cybercriminals, where they aim to access individual or an entity’s accounts and data. Here, they use several techniques like phishing, malware, and advanced guesswork.

What do hackers look like?

The typical fictitious look we have of hackers is a hoodie-wearing, black-clothed man with dyed hair and piercings.

However, in reality, a hacker could be any random person in public, from a cashier, construction worker to a university student or a waiter at your favorite restaurant. Unless the police are looking for an identified black hat, the internet makes it easy to remain mysterious.

How easily can your password be hacked?

Without the right safety precautions, a password leak becomes simple for a hacker. Of course, it’s not child’s play to hack a passcode. It depends on the methods used (which we’ll discuss later).

How long does it take to crack someone’s password?

It depends on the length. Experts have confirmed that a computer can guess any eight-character code with standard letters in less than an hour. This is despite having a staggering 209 billion possible combinations.

This means a password of a tinier length can be cracked in a shorter time. Our research also suggests:

  • It would take about 34 000 years for a computer to crack a 12-character passcode with one capital letter, special symbol, and number.

  • ‘123456’ and ‘password’ are still the most commonly used passwords worldwide.

It tells us how important it is to have a strong passcode that would take account hackers too long to solve, stopping them dead in their tracks.

How do hackers get passwords?

Let’s look at the most common techniques for doing this:


Phishing comes in various forms. However, the main goal is to deceive the victim into revealing sensitive information under the guise of a legitimate company or individual. Typically, phishers steal passwords via email phishing.

  1. A prime example is a spoofed email from a seemingly authentic business demanding immediate attention with a link. Once clicked, it takes the user to a fake login portal where they enter their login credentials, including their password.

  2. Another tactic is for the criminal to call you, posing as technical support. Here, they could ask for information like network access passwords so they can ‘offer assistance.’


Malicious software forms the foundation of many computer hacks globally. One common way malware infiltrates your device is through phishing when you click on a link or open an attachment.

From ransomware and screen scrapers to keyloggers and spyware, little is off limits for malware to steal your precious information.

Brute force attacks

A brute force attack is any trial-and-error attempt to hack passwords by systematically attempting every possible combination of letters, symbols, and phrases. This involves automated or computer processing that can quickly process vast quantities of different passwords.

A common technique is the ‘dictionary attack’ using a so-called password dictionary with millions of words. A variant of brute force attacks is password spraying. Instead of trying to access one account (running the risk of being locked out), the perpetrator ‘sprays’ a potential passcode across many accounts.


Keystroke logging is a clever way to discover a user’s login credentials. It involves spyware (malware designed to spy on you) that records your keystrokes. This, of course, includes your passwords; but this is not all.

Keyloggers can even record your conversations in messengers, search history, take screenshots of your keyboard, and remotely log in to your device. This all happens silently in the background.

Data breaches

In some cases, a hacker could access your password from a data breach of a site you have an account with. Your sensitive, protected, or confidential data is copied, transmitted, viewed, stolen, or used by an unauthorized person.


Extortion is unlawful exaction of money or property through intimidation. Hackers would advise about knowing sensitive information or claim malware exists on your device and coerce you to make a payment to prevent this from happening.

Network interception

A technical hack can involve packet sniffers or network analyzers. This technology, coupled with malware, allows the bad actor to inspect your network traffic for plain text data like entered passcodes.

Another way is for hackers to intercept your wireless network in public directly. So, this technique doesn’t always need malware and works best where your connection isn’t encrypted.

Targeted personal attacks

This involves a criminal studying their target by gathering as many intimate details about them.

For instance, they may study their hobbies or interests, where they work, the companies they interact with, etc. With this information, the hacker can implement the techniques we’ve discussed to find that person’s password.

How to protect passwords from hackers solves many, but not all, of these cases by making it simple and safe to share passwords and protect them from prying eyes. It applies end-to-end encryption and self-destruction to your messages.

For situations where you want only to shield your passwords, here are some useful tips:

  • Use a password manager to store your passwords instead of paper or text files
  • Create a complex password that would be very difficult, if not impossible, to guess
  • Each account you have must use a different password
  • Where possible, use two-factor authentication
  • Be aware of phishing scams and be vigilant in your online activity
  • Ensure your computing devices are virus-free and regularly updated


The reality of people stealing passwords is something that no one should underestimate. They can open the floodgates to devastating data breaches in the wrong hands. Once you have the strongest password possible and take all the necessary security precautions, you can have peace of mind.