Password security - hacked
How does an account password get hacked?
Many logins now have security levels with a combination of letters, numbers, upper case, and special characters. They also won't allow common English words.
Isn't that enough? A normal person can't logically figure it out. I don't see how a computer can, even at nanosecond speed, run through all the possible combinations.
So shouldn't all passwords be "secured" as-is?
Or is it more a case of, for every 100 guys that choose a strong password combination, someone is going to choose ABC123 as their password.
What happens (generally) is as follows:
1. Web site stores your username and HASH of your password (proprietary algorithmic representation of your password that only the algorithm holder should be able to decipher).
2. Hacker accesses list of usernames and password HASHES, along with PW hints.
3. Hacker examines the list for the most common HASHES. Begins testing accounts with the most commonly used passwords (Jesus, Password, abc123, etc...).
4. Hacker ALSO looks at password hints amongst the most commonly occurring HASHES for hints that are actually the user's password (some people do this). If 1000 users all have the same HASH, and one of those users left "Jesus" as their PW hint, there is a good chance that user, and the other 999 used the password "Jesus".
Lather, rinse, repeat.
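The duplicate-hash observation in steps 3 and 4 of the post above, seen from the storage side, as an added example that is not part of the original thread. It assumes the site stores an unsalted hash (SHA-256 stands in here; the post names no algorithm) and contrasts that with a per-user salt and PBKDF2; the account names, passwords and iteration count are constructed for the example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real data): three users picked the same password.
ACCOUNTS = [("alice", "abc123"), ("bob", "abc123"),
            ("carol", "T7#kfq!zPw"), ("dave", "abc123")]
ITERATIONS = 100_000  # example work factor (an assumption); tune for your hardware


def unsalted_record(password):
    """Assumed scheme behind the post: same password -> same stored hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_record(password, salt=None):
    """Per-user random salt + slow KDF: same password -> different stored values."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, _ = record.split("$")
    return hmac.compare_digest(salted_record(password, bytes.fromhex(salt_hex)), record)


def shared_hash_groups(table):
    """Audit check: return {stored_value: [users]} for values held by 2+ users."""
    groups = defaultdict(list)
    for user, stored in table:
        groups[stored].append(user)
    return {value: users for value, users in groups.items() if len(users) > 1}


def build_table(hash_fn):
    """Build the (username, stored_value) table a site would keep."""
    return [(user, hash_fn(pw)) for user, pw in ACCOUNTS]


if __name__ == "__main__":
    print("unsalted:", list(shared_hash_groups(build_table(unsalted_record)).values()))
    print("salted:  ", list(shared_hash_groups(build_table(salted_record)).values()))
```

Running `shared_hash_groups` over a real credential table is a quick audit: any non-empty result means identical passwords are visible to whoever obtains the table.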
I encourage everyone to use Two Factor Authentication with any account that allows it.
With 2FA, even if someone discovers your password, they would also need your cellphone to be able to receive the text (most common method) in order to access the account. For now.
Hacker gets your email address from Facebook. Pretty good chance that is your username. Hacker goes to Amazon, Home Depot, etc. and hits the "I forgot password" link. System asks hacker "What was your high school mascot?" Hacker hits your Facebook page to see where you went to high school. You just been haxored.