Password thieves operate very covertly and most people do not even realize they have been scammed until it’s too late. Being one step ahead of the hackers is the only way you can protect your data from these unscrupulous thieves. First, you have to know the techniques the hackers employ.
Brute Force Attack
Brute force is, simply explained, guesswork on the part of the hackers. The hacker uses a program that guesses passwords that they think you are likely to use. The program runs all likely passwords and even try upper and lowercase. In short, it is trial-and-error that the software uses to generate a substantial number of guesses. Brute force attacks are used by hackers to decrypt data or for testing a system’s security.
A dictionary attack is another variation of brute force attacks and as the name suggests, the hackers use commonly used words to try and crack your password. Most people use common words to create passwords. Hackers obtain a list of all the commonly used words (hence the term dictionary) and run them through a program, also inserting numbers either before, after or between the words.
Many companies can be a hacker’s paradise. The usernames are mostly based on the employees’ names, and the hacker does not have to struggle to obtain the user names.
Social Engineering Attacks
Social engineering attacks use different techniques to steal passwords from unsuspecting users, and they include:
- Phishing: Users are tricked via emails or texts that purport to be from legit sources. Clicking on the provided ink redirects you to the hacker’s site where they proceed to ask for and steal your login details.
- Spear Phishing: This is no different from phishing, except this is a more elaborate scam, involving emails that target you specifically, armed with details the hacker had gathered beforehand. For example, you might have had a problem with your bank, which the hacker is aware of, and they might send you an email or text purporting to be your bank.
- Baiting: Hackers plant USBs or other malware infected gadgets lying around public places, or organizations they are targeting, hoping someone uses it and thus infecting the system with malware.
- Quid Pro Quo: The hacker impersonates someone from an organization, for example, the telephone company, and tries to extract information from the user.
Rainbow Table Attacks
This technique involves the values of passwords, which are encrypted as hashes. The Rainbow table is a pre-computed table of hashes used to reverse cryptographic hashes, mostly used for cracking the encrypted password hashes. These tables are normally used to recover a password that is of a specific length and consists of limited characters.
How to Thwart Attacks
Now that you have an idea of how password thieves work, it is much easier to protect your data and thwart off attacks. There are various ways to do this:
 Install a VPN
Virtual Private Networks (VPNs) are an excellent way to ward off attacks from hackers. A VPN provides you with a secure connection to the internet in a secure network, protecting your privacy by guarding your online traffic from prying eyes. In this way, they put up a strong layer of defense against hackers or anyone who might be interested in your online activities. And yet another key feature of a VPNs: they hide your IP address and give you a high level of anonymity from the websites you visit.
The additional defense layer provided by a VPN protects your security and encrypts your data, reducing any chances of hacking. Avoid free VPNs at all costs as they might be compromised and sell your data to interested parties. Instead, use a reputable VPN service provider.
 Confirm Links
Before you click on any links in an email, make sure you check on the URL. If the URL is prefaced by HTTP, and not HTTPS, that link is insecure. Try instead to copy-paste the link directly on your browser and check its authenticity.
 Password Managers
A password manager is a brilliant way to ward off attacks. The password manager generates, then stores for you, long, random, and unique passwords which you do not have to remember. A single authenticating password or biometric fingerprint controls access to the password manager. In many password managers, they can be set to auto-fill the account login fields for any sites you visit. This greatly curtails any phishing attempts.
Passwords are typically meant to be long and generated at random, or they will be too easy for hackers to guess. The password manager makes this process very easy for you, but harder for the hacker.
 Multi-Factor Authentication
Strong passwords are often not enough on their own. Hackers are becoming more innovative by the day, so you have to apply more stringent measures. Organizations are especially at risk, with hackers targeting data in return for a return for a ransom payment through ransomware. As such, they should employ tools that make authentication more rigorous, such as multi-factor or two-step authentication. This technique requires the user to add extra details during logins, such as a retina scan, fingerprint, or unique code sent to a trusted smartphone. This makes it very hard for impersonation by a hacker or even a fellow employee.
Hackers work hard at ways to get around security measures. Some measures work better than others, but ultimately, being vigilant works best. Avoid clicking suspicious links and logging into public Wi-Fi without the protection of a VPN. You have to work as hard as, if not harder, than the hacker at protecting your precious information.