The Anatomy of Password Hacking Programs

Introduction

Many password hacking programs are available today, and some are very fast at cracking even the toughest passwords. How do these programs work, and what underlying algorithms do they use to hack a password? This article looks at different methods of password hacking and how you can protect yourself from these attacks.

Encrypted Passwords

Because many websites, operating systems, and other programs keep an encrypted password in their database and usually don’t store the unencrypted password, the goal for hackers becomes decrypting the password rather than just getting hold of it. In many cases the encryption is ‘one way’, meaning that it cannot be decrypted. To find out whether the password you entered is the same as the stored one, the password you enter is also encrypted, and the resulting encryption hash is compared to the stored encryption hash to see if they match.

Brute Force Attacks

There are many password hacking programs out today and many are based on what is called a brute force attack. There are different kinds of brute force attacks that a program can use in order to hack a password. A brute force attack means trying different passwords to see if they are the same as the one we are trying to hack. Below are the three main types of attacks:

  • Dictionary Brute Force Attack
    A dictionary attack tries words that are common in everyday life, like all the words from the dictionary. So if your password can be found in a dictionary, it can easily be cracked using a dictionary attack. There are specialized dictionary files for brute forcing passwords in each industry. For instance, a baseball fan may use a favorite player’s last name as a password, and if the attacker uses a dictionary file that contains baseball players, the password may be compromised.

  • Hybrid Brute Force Attack
    A hybrid attack works much like a dictionary attack, but it adds values to the password being sought, such as a person’s name with numbers after it or before it, like john123 or 456pam.

  • Brute Force Attack
    A standard brute force attack is one of the slowest password hacking methods because it tries every single combination of characters. For instance, it would try “aa1”, “aa2”, “aa3”, and so on. It can be very time consuming for longer passwords, and it is not a preferred method of password hacking.

Password Sniffing

Other programs hack passwords simply by recording network traffic and finding the password strings. For instance, when you log in to a website that doesn’t have SSL encryption, your password is sent in plain text to the server. Anyone who has access to the network, whether wired or wireless, can sniff your password. If your password is sniffed, there is no way to know until the attacker does something malicious to your account.

How To Protect Yourself

You can protect yourself from password hacking programs first of all by choosing a strong password. Your password should contain at least one of each of the following:

  • Upper case letter
  • Lower case letter
  • Number
  • Special character

You should also make your password longer if you are allowed to. Having a password that is at least eight characters long is recommended. Other ways to protect yourself include turning on encryption in your wireless access point, changing passwords regularly, and using sites with SSL encryption whenever possible for logins.
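
The rules above can be combined with the dictionary and hybrid patterns described earlier into a single check run when a password is chosen. This is an added example, not part of the original article; the function name and the small word list are constructed for illustration, and a real check would load a full dictionary file.

```python
import string

# Constructed sample word list (assumption); a real check would load a
# large dictionary file, including industry-specific lists.
SAMPLE_WORDS = {"password", "baseball", "john", "pam", "dragon", "welcome"}


def weaknesses(password, words=SAMPLE_WORDS):
    """Return the reasons a password would be easy to guess (empty if none)."""
    problems = []

    # Length rule from the article: at least eight characters.
    if len(password) < 8:
        problems.append("shorter than eight characters")

    # One character from each of the four classes listed in the article.
    classes = {
        "upper case letter": string.ascii_uppercase,
        "lower case letter": string.ascii_lowercase,
        "number": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append("no " + name)

    lowered = password.lower()
    if lowered in words:
        # Would fall to a plain dictionary attack.
        problems.append("dictionary word")
    else:
        # Hybrid pattern: a dictionary word with digits before or after it,
        # like john123 or 456pam.
        core = lowered.strip(string.digits)
        if core != lowered and core in words:
            problems.append("dictionary word plus digits (hybrid)")

    return problems


if __name__ == "__main__":
    for candidate in ("baseball", "john123", "456pam", "Tr7#kLm9!q"):
        print(candidate, "->", weaknesses(candidate) or "no weaknesses found")
```

A password that passes this check can still be weak in ways the check does not model, for example a dictionary word with a special character appended.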