Understanding How a Password is Cracked

If you were to ask us what one of the most
important cybersecurity features to have is, chances are, we’d answer “secure
passwords.” Sure, this might be the answer that you’d hear from everyone, but
that’s because it is really that important. For our tip, we’ll illustrate how
it’s so important by examining a few key processes hackers use to crack a

Your Passwords Are Stored

When you input a password into a program or a
website, it needs to be referenced against some record to ensure that it is the
correct credential. That record contains your password in a
mathematically-based scrambled form known as a hash.

Using a hash means that the password isn’t as easy for a hacker to intercept.
However, this is not to say that an attacker has no options to leverage,

How a
Hacker Can Use the Hash

Unfortunately, there are a few ways that a
hacker can still work to crack your password. For instance, online attacks are
typically leveraged with the assistance of social engineering or phishing
efforts, with more likely passwords being deduced by the hacker before
attempting any and inadvertently locking down the account.

There are also offline attacks where the
hacker simply takes the hash and brings a copy offline to work at as they are
able. These attacks are relatively effective against intercepted documents with
password protections, although they are still far from easy.

Efforts a Hacker Makes

In order to effectively conduct an offline
attack, the hacker may ultimately need to try out multiple passwords - numbers
that can approach the millions and billions. However, hackers also have a few
means to narrow down the possibilities, enabling them to greatly decrease the
time it takes to crack the targeted account.


Many hackers have their own dictionaries of
common passwords to test out, with entries like ‘admin,’ “12345,” and the old
classic, “password.” Of course, their resources could contain millions of
potential passwords and they usually utilize the computing power necessary to
review them much faster than any human could unaided.

Set Attacks

If a password doesn’t appear in a hacker’s
dictionary, they can instead utilize programs that enable them to
cross-reference certain rules to identify a password’s contents. For instance,
if they had the necessary information, a hacker could specify a certain number
of characters are in a password, whether any letters are capitalized or
lowercase, and many more specific details. This enables passwords to be cracked
much more efficiently.

Force Attacks

When a gentler touch fails them, a hacker can
resort to performing a brute force attack on your password. These attacks try
any combination of characters possible, until they either stumble upon the
correct combination or simply overwhelm a system.

As you can see, there are plenty of ways that
a password can be cracked, which is precisely why we encourage users to never
use the same password twice, regularly change their passwords, and utilize
2-factor authentication whenever possible. This will ensure that even if your
password gets stolen, there is a lower chance of it being used against you.

Reach out to us to learn more about your cybersecurity give Emerge a call at 859-746-1030 today!