The quickest and the most secure thing you thought you could do to protect your personal contents safe is password. You just tend to have password set on next to everything. There have been passwords of all shapes and sizes. There is pin code, a mile-long password including alphanumeric character with a mix match of capital and small letters. Then there came in biometric protection with fingerprint, iris scanning, facial recognition, voice waveform etc. All these employed because the passwords we have been keeping in past has been easier to crack and hack.
There are really few methods that can be applied and your password is on verge of danger. There are simple as well as some complex methods that can be applied to your password hacking process. Some will require you to be a geek and some can just be little sneaking and peaking around.
How Passwords are Stored?
Before we get into the password hacking business, lets just try to get information about how passwords are stored on the first place. Knowing the process of storing will give you a clear idea of how to crack them.
Whenever you signup for some sites, you will be asked to enter your credentials. You provide them with your Email address, name or username or whatever and finally your password in plain text. How easy it would have been if the passwords were saved in plain text? But it’s a major security threat and its not feasible and illegal thing to do. Whenever you enter your plain passwords into the area, just before being saved to the database, its converted into hash code. Hash code is just a bunch of alphanumeric keys that is created from the original plain entered password using some hashing algorithm. Some of the hashing algorithms are:
- SHA (Secure Hash Algorithm)
- MD5 (Message Digest 5)
- TIGER etc.
These algorithms just taken your plain password and convert them into irreversible hash code. Irreversible in the sense that it cannot be converted back to the regular plain text by any means again. Then, not the password itself but the hash key of the password is saved into the server database. This being said, you might think that your password is pretty secure as it cannot be converted back to the normal form and you think its uncrackable. After thinking so, you can either laugh at yourself or work on creating some pretty lengthy and strong password because you might not even realise and your password might have been cracked somewhere. As the passwords from the hash key are also being hacked, there is something new called salted hash key in trend. The salted part is specific to the preference by the organizations or any other parties. The salted key or some random key is placed between the plain password and ran through the hashing algorithm. This method changes the structure of the has key and produces different hash key.
Password Cracking Methods – This is how hackers crack password:
So, after getting some information on the storage of password and techniques involved, let’s talk about cracking them. There are few methods some simple ones and some technical ones that can be applied to crack the passwords. They have been explained below.
Dictionary is a collection of every single words that are known till date. You can find literally millions of words in the dictionary. Dictionary attack is similar thing for the passwords. The dictionary attack contains huge number commonly used passwords by the user and their combinations as well. In dictionary attack, the user tries the system with many passwords of the dictionary. If the password is commonly used one, it can be found within matter of minutes if not seconds. So, using simple combination of common phrases as password won’t secure you enough to skip from this attack.
Brute Force Attack
This is another arrow in the quiver for the hackers to hack your password. In this attack, the passwords are checked with combination of each and every possible combination of alphabets and numbers. It is somewhat lengthy process and might take considerable time. Though you can speed your process by throwing in some extra processing power. If you know the exact length of the password, you can shorten the time taken by huge number.
Rainbow Attack Table
It is as name suggests, not so colourful thing to normal users but for hackers, it is colourful enough to crack passwords for them. Rainbow table is a table of pre-converted hash key of pretty much all the passwords converted by given hashing algorithm. For it to work, you have to gain the hash key for the password that you are seeking to crack. Once you have the access to the hash key, you can just look up in the list and you might be lucky to get password from the huge, unwieldy used rainbow table.
But if the hash key has been salted, you can try your luck, but you are sure to fail. You might get your answer but it won’t be the one you are seeking.
It is a technique that is similar to just asking the user their credentials. Phishing is done by making the users land on the faked login page and ask them to enter their passwords. The users don’t seem to differentiate between the authentic and faked login page and end up giving their passwords to the hackers.
It’s a piece of cake for the hackers to perform such tasks. Why crack a password when you can get one from the users easily?
It is one of the common and low-tech method for gathering someone’s password. You just pretend to be someone you are not and access the passwords. It takes the advantage of human’s trusting nature. A simple social engineering technique is to fool people into giving up their passwords which can later be used for malicious work. It might sound crazy but it happens most of the time and you might have given up your password to someone similarly.
The most annoying thing that can enter your system is malware. It enters your system as an installable file through internet and installs itself in the system. You won’t know it before something weird starts to happen to your system.
Simple keylogger of screen scrapper can be installed into your system that will record everything you enter into your system including all the passwords you enter. Its win-win condition for the hackers as they get access to not just your password but other secured contents as well. It can even scrape your browser to access the saved password as well.
Its so secure thing that a system locks out when you try to enter passwords more than few times into the system, making password cracking difficult. It would hold true, if only the password hacking process hadn’t been done offline. The most of the hacking takes place offline using a set of hashes in a password file obtained from a compromised system.
Often the target is compromised via a hack on third party which then provides access to the system servers and all the important passwords. Now hacker can take all his time to crack the password without even alerting the system or the user.
Watch This Video on “How Hackers Really Crack Your Password”:
You might have seen people staring at your devices whenever you use it in public. It is common thing and for hackers, it is the easiest thing to crack the password. They just peek behind you above your shoulder and see whatever you type in. You won’t doubt such person as they might be well dressed and not seem to do so as our human nature distinguishes gentleman from cons through their appearance.
Many of the corporate passwords are related to their business. Hackers often study their business, their products, their competitors and create a dictionary of related topics to utilize in the brute force method to crack the password.
Pro hackers tend to create automated spidering applications similar to those ones created by the search engines to gather keywords. The spidering application gathers keywords and form a list to use in brute force attack.
The simplest one is what we all human have been doing from our existence, “guessing”. There is always a predictability to your passwords unless you really have created an insane password that even you need help remembering. Thanks to our human nature, our emotional attachments, that we tend to keep passwords about the things we like the most or hate the most because it is something we never tend to forget. We choose passwords that are easier for us to remember in first place and it serves as a help to the hacker, guessing the words and creating a list to attack on and eventually cracking them.
Hence, you can take whatever password you like and make it secure, it has eventually a risk of getting cracked if not now then soon. So, the best thing to do would be to change the passwords every now and then. In this way, if someone wants to crack your password, you can keep them guessing and their systems trying their best for longer time.