Hackers use five basic methods for obtaining passwords.
- What’s your password? The easiest way to get a password is to simply ask. People often share their passwords with technicians, colleagues, friends, and family. Even having a secure password isn't going to change this because you gave away your insurance. When it comes to passwords, don’t be a sharer, ever, with anyone.
- Guessing game. People naturally choose a password that's easy to remember. The easiest ones are those that relate to you as a person - things like your last name, pet's name, spouse’s name, birthdays, favorite car, color, food, etc. Unfortunately for you, these are also really easy things for a hacker to find out about you.
- Computer aided brute force and common word attacks. Hackers use programs that attempt to sign in to your accounts using different character combinations one at the time until it gets lucky and finds a match - the kind of boring, repetitive task for which computers are ideally suited..
- Dictionary attacks. This is the same general concept as 3 above - the only difference is that the hacker is banking on your password being a word that's in the dictionary.
- Password-cracking software. There are free password recovery tools that retrieve passwords stored on a computer; these were originally developed to help system administrators retrieve forgotten passwords, but of course they are equally adept at doing this for hackers. Administrator passwords are the gold-standard for password-cracking software, because it gives them access to absolutely everything.