How your passwords can be stolen without you even knowing it

How can your password be stolen without you even knowing it, and how can you set a secure password to make it as hard as possible for anyone to get hold of it?

Let us take you back to one of the most notorious breaches: in 2009, a site called RockYou, which was a website developer, was breached.

They stored all their passwords in clear text, so 32 million user details were leaked. As a result, they were fined approx. $250,000.

What was found is that a lot of those passwords were the same, and included passwords like baby girl, monkey, princess1234567, Nicole…

From the 32 million, a text file was created with 40 million of those common passwords in it, so whenever someone tried to crack a password, they would use this text file of 40 million known passwords.

So how do they crack a password? If a site uses weak encryption, it will take the password and put it through a known encryption method, and it will come out as a load of jumble including hashtags, question marks and other symbols.

What a hacker will do is take the known list of words, such as ‘princess’, and put each one through the same encryption, so they too come out with a jumbled version. They will then compare their jumbled version with the website's. If the 2 versions of the password match, they know they have cracked the password.

What they can also do is change vowels to numbers. For example, they might change a password like princess to pr1ncess. They will also add numbers onto the end of words and will start to put 2 words together.

Remember that hackers have very powerful computers and often have what we call ‘botnets’, so they can go through a huge number of passwords and test which ones match those they got from the database.

This is why it is extremely important to have a really clever and strong password that isn’t going to be breached easily. If you are interested, we have a service where we can run a search against your domain to look for passwords that have already been leaked onto the dark web. If passwords have been leaked, then now is the time to change them.
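The tricks described above (numbers swapped for vowels, numbers added on the end, two words put together) can be tested for before a new password is accepted. The following is an added example, not code from this article: the word list is a small constructed sample, and the names `guessable_reasons`, `word_match`, `COMMON_WORDS` and `UNSWAP` are made up for illustration.

```python
import re

# Constructed sample list (assumption); a real check would load a large
# list of passwords known from breaches.
COMMON_WORDS = {"princess", "monkey", "nicole", "baby", "girl", "password"}

# Undo number-for-letter swaps such as "pr1ncess" -> "princess".
UNSWAP = str.maketrans({"1": "i", "3": "e", "0": "o", "4": "a",
                        "@": "a", "5": "s", "$": "s", "7": "t"})


def word_match(text, words):
    """Label text if it is one list word or two list words joined."""
    if text in words:
        return "common word"
    for i in range(1, len(text)):
        if text[:i] in words and text[i:] in words:
            return "two common words joined"
    return None


def guessable_reasons(password, words=COMMON_WORDS):
    """Return the tricks that reduce the password to list words,
    or an empty list if none of the rules described above apply."""
    lowered = password.lower()
    without_digits = re.sub(r"\d+$", "", lowered)  # drop numbers on the end
    for base, digits_removed in ((lowered, False), (without_digits, True)):
        if not base:
            continue  # password was nothing but digits
        for form, swapped in ((base, False), (base.translate(UNSWAP), True)):
            hit = word_match(form, words)
            if hit:
                reasons = [hit]
                if swapped:
                    reasons.append("numbers swapped for letters")
                if digits_removed:
                    reasons.append("numbers added on the end")
                return reasons
    return []


if __name__ == "__main__":
    for candidate in ("pr1ncess", "Monkey2009", "BabyGirl", "tq9#Vd!r2mLx"):
        print(candidate, "->", guessable_reasons(candidate) or "no rule matched")
```

An empty result only means none of these particular rules matched the sample list; it does not prove a password is strong.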

Want to know more about how to create a really strong password? Please get in touch on 0115 753 0123.
