How do Passwords Get Stolen?

Have you ever had your password stolen? Then you must have wondered how something so horrible could have happened and what mistake you had made.

Most people imagine hackers relentlessly typing on a keyboard until they hack an account. Well, the truth is that there are far easier ways for criminals to get their hands on someone’s password.

So, to help you protect your accounts and private information, I’m going to reveal to you how passwords get stolen. I will also give you some advice on how to protect your accounts and passwords.

#1 Phishing

One of the most popular ways hackers gain access to users’ accounts is through phishing. It goes like this. You receive an email that at first glance looks legitimate. It usually states something like “Dear user, there is a problem with your account” or “Dear client, your account has been limited.”

So they ask you to verify your account by clicking on a link and providing your username and password. If you follow the link, it will take you to a website that looks just like the real deal, but it’s not. When you enter the username and password, the hacker gets your credentials and can use them.

It’s a simple scam that relies on the user’s first instinct to click on the link because he is worried about his account security. You usually do it automatically without giving it a second thought.

However, one important fact to remember is that your bank or email provider will address you personally. They won’t use “client” or “user”, but the name you used to sign up for their service. What’s more, they will never ask you to reenter your credentials or provide your password.

#2 Tabnapping

Tabnapping is a combination of the words “tab” and “kidnapping.” It is another clever way hackers try to trick users into providing their passwords.

Let’s imagine that you’ve opened several tabs in your browser and that you’re reading this article right now. What you don’t know is that any of the inactive tabs – the ones you’re not currently reading – could morph into fake login pages that prompt you to log into Facebook or Gmail, for example.

That’s because hackers insert code into normal-looking websites that detects when a tab becomes inactive. What’s more, this code is programmed to wait a certain amount of time, so that you forget you opened the tab, and then it changes the tab into a fake login page.

So, you assume that you’ve been logged off from Facebook and you enter your password, none the wiser. And you hand over the password to the hacker, who can do all sorts of nasty things with your account later.

The page looks exactly like the Facebook login page, and the only way to tell that a hacker is trying to trick you is to take a look at the URL. That’s the only thing hackers can’t duplicate, so if the URL doesn’t start with https, double-check immediately.
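The URL check described above can be written down as code. This is an added example, not part of the original article, and it goes a step further than the https check by also comparing the host name; the allow-list and the sample addresses are constructed.

```python
from urllib.parse import urlsplit

# Assumed allow-list: hosts where this user really has accounts.
EXPECTED_HOSTS = ("facebook.com", "accounts.google.com")

def check_login_url(url, expected_hosts=EXPECTED_HOSTS):
    """Return (ok, reason) for the address of a page asking for a password."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not https"
    if "@" in parts.netloc:
        # In "https://facebook.com@host/", the real destination is "host".
        return False, "text before @ is not the host"
    if not host:
        return False, "no host"
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host, possible lookalike"
    for expected in expected_hosts:
        # Exact host or a true subdomain; "facebook.com.example.net" is neither.
        if host == expected or host.endswith("." + expected):
            return True, "host is " + expected
    return False, "unexpected host " + host

# Constructed sample addresses (example.net and .example are reserved names).
SAMPLES = [
    "https://www.facebook.com/login",
    "http://www.facebook.com/login",
    "https://facebook.com.example.net/login",
    "https://facebook.com@example.net/login",
    "https://xn--fcebook-8va.example/login",
    "https://accounts.google.com.example.net/signin",
]

if __name__ == "__main__":
    for url in SAMPLES:
        ok, reason = check_login_url(url)
        print("OK  " if ok else "STOP", url, "-", reason)
```

Only the first sample passes: the others fail on the scheme, on a host that merely begins with a familiar name, on text placed before an @ sign, or on an internationalized lookalike.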

#3 Password recovery

I’m sure that you’ve forgotten your password at least once in your life. So, the time comes to use the “password recovery” feature. Well, you’re not the only one who can use that option.

If you use common phrases as answers to your secret question, or you haven’t chosen an alternative verification email, it’s possible that hackers might exploit that weakness. The bad thing is that the hacker will change your recovery email and password as soon as he has access, and you might have a lot of trouble getting your account back.

#4 Playing the guessing game

Finally, hackers can get to your password by breaking into the servers which keep your passwords. But aren’t those encrypted, you would say? Well, not all sites use the strongest encryption methods possible, and even if they do, a short password is not that hard to guess.

Remember that a hacker can run millions of passwords with a modern home computer and many more with a powerful one. So, if the encryption is not top-notch, it’s very possible that the hacker will be able to crack a lot of passwords in a couple of days.
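To see why password length and the site's storage method both matter, the added example below (not from the original article) measures how fast the machine it runs on computes a weak unsalted hash versus a salted, deliberately slow one, and converts that into the time needed to try every password of a given length. The iteration count, alphabet sizes and lengths are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 600_000  # assumed work factor, not a value from the article

def keyspace(alphabet_size, max_length):
    """Count every candidate password of length 1..max_length."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))

def fast_hash(password):
    """Weak storage: one unsalted SHA-256, cheap to compute per guess."""
    return hashlib.sha256(password.encode()).hexdigest()

def slow_hash(password, salt, iterations=PBKDF2_ITERATIONS):
    """Stronger storage: salted PBKDF2, deliberately expensive per guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def verify(password, salt, stored, iterations=PBKDF2_ITERATIONS):
    """Server-side login check, compared in constant time."""
    return hmac.compare_digest(slow_hash(password, salt, iterations), stored)

def hashes_per_second(hash_fn, trials):
    """Measure how many hashes this machine computes per second."""
    start = time.perf_counter()
    for i in range(trials):
        hash_fn("candidate-%d" % i)
    return trials / (time.perf_counter() - start)

def days_to_try_all(alphabet_size, max_length, rate):
    """Worst-case days to try the whole keyspace at `rate` hashes per second."""
    return keyspace(alphabet_size, max_length) / rate / 86400

if __name__ == "__main__":
    salt = os.urandom(16)  # per-user random salt
    rates = {
        "unsalted SHA-256": hashes_per_second(fast_hash, 200_000),
        "salted PBKDF2": hashes_per_second(lambda p: slow_hash(p, salt), 3),
    }
    for name, rate in rates.items():
        print("%s: %.0f hashes/second on this machine" % (name, rate))
        for length in (6, 8, 12):
            # 26 lowercase letters only, versus 94 printable ASCII characters
            print("  length %2d: %.3g days (a-z), %.3g days (94 chars)" % (
                length, days_to_try_all(26, length, rate),
                days_to_try_all(94, length, rate)))
```

The printed rates depend on the machine, but the pattern is stable: each extra character multiplies the work by the alphabet size, and the slow salted hash cuts the guess rate by several orders of magnitude.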

What can you do to protect your password?

Here are simple tips to keep your password safe:

  • Do not open suspicious emails and never click on links that ask for your username and password.
  • Always check the URL when you’re about to enter your credentials.
  • Use long, complicated passwords.
  • Do not reveal sensitive information about yourself on your social media account.
  • Do not use common questions as your “secret question” or answers that can be found on any of your social accounts.

The most important thing to remember is that hackers use tricks to get the users to reveal their passwords and not so much brute force. So, always be on your guard and take a moment to check with your account provider if you receive a strange email before you hand over your sensitive information.

What do you think about these four ways passwords get stolen? Has a hacker ever stolen your password? How did it happen? Tell us in the comments.

(Last Updated On: October 7, 2019)
About the author

    Whale Sumo

    Hwang is a self-proclaimed nerd who loves helping people understand complex concepts. He has a passion for crypto and online privacy and enjoys teaching others about the benefits of both. Hwang is an advocate for individual freedom and believes that knowledge is power. When he's not busy sharing his knowledge with the world, Hwang can be found running full marathons or playing video games.