How do Hackers Guess Passwords?

Last Updated on 27 May 2023 by Daniel

Hackers use various techniques to guess passwords. Here are some common methods:

  1. Brute force attacks: In a brute force attack, hackers systematically try all possible combinations of characters until they find the correct password. This method can be time-consuming and resource-intensive, especially for complex passwords.
  2. Dictionary attacks: In a dictionary attack, hackers use a precompiled list of common words, phrases, or commonly used passwords (known as a “password dictionary”) to guess the password. They try each entry in the dictionary until they find a match.
  3. Social engineering: Hackers may gather personal information about the target, such as their name, birthdate, or interests, and use that information to make educated guesses about the password. They might also try to manipulate the target into revealing their password through phishing emails, phone calls, or other deceptive methods.
  4. Rainbow table attacks: Rainbow tables are precomputed tables of hashed passwords. Hackers compare the hashed passwords in a stolen database to the entries in the rainbow table to find a matching password. This method can be effective if the password is not properly salted or if a weak hashing algorithm is used.
  5. Credential stuffing: Hackers take advantage of the fact that many people reuse passwords across different accounts. They obtain a list of usernames and passwords from a data breach or other sources and try those combinations on various websites or services to see if they work.
  6. Keystroke logging: Hackers can use malware or physical devices to record the keystrokes entered by a user. This allows them to capture passwords as they are typed, giving them direct access to the user’s credentials.

It’s important to note that strong and unique passwords, along with additional security measures like two-factor authentication, can significantly reduce the risk of password guessing attacks.

Solution is form-based authentication via our AuthForm Plugin: optional and FREE plugin for Password Sentry. Password Sentry per se does not protect against dictionary / brute force attacks, where hackers try to guess or crack passwords. However, we have created a plugin for Password Sentry that does provide such protection: AuthForm Plugin. The plugin is fully CONFIGURABLE and CUSTOMIZABLE! FREE

Username: demo and Password: demo

  • Complete control of how login page looks
  • Enable / Disable Google reCaptcha usage
  • Enable / Disable Google Website Translator usage
  • Define maximum attempts to authenticate [OPTIONAL]
  • Define delay before and/or after authentication to deter hackers [OPTIONAL]
  • ALL other tracking features (e.g., suspension of abused passwords) are handled by Password Sentry backend!

An added feature of the Plugin is it, by design, effectively blocks bulk downloading. One of our competitors refers to this as “Anti-Slurping”. Bulk downloading drives up your bandwidth, which can be very expensive! Bulk downloaders automatically download everything, regardless if the content will be viewed later. Very indiscriminate, and it places a lot of load on the server. It could crash your web server. Further, the person could then copy your site on another domain, and steal your traffic and sales. The AuthForm Plugin prevents this.

By Daniel

I'm the founder and CEO of Lionsgate Creative, Password Sentry, and hoodPALS. Besides coding and technology, I also enjoy cycling, photography, and cooking.

Leave a comment