How Hackers Guess Your Passwords

There are many tricks that hackers use to guess or gain access to your passwords.  By being aware of their tricks, you can help prevent password theft.

Fake Websites

Have you ever gone to a sketchy website that will tell you which Harry Potter character you are or what your wizard name would be?  These websites are often fronts for password-harvesting operations.  They will ask for personal data mixed in with the game or quiz.  They will often ask you to make up a password to receive your answer.

Scammers know that you will most likely use the same password that you usually use elsewhere.  Once they have your made-up password, they can use it to access most of your personal information.

The Weakest Link

Your password is like the key to your home.  You could have locks on every door and window, but if someone swipes your key for one door then all the other doors and windows can easily be opened.  If a hacker can swipe or guess your password, then they can just use the same tactics to access every portal you use passwords for.

Many scammers don’t even bother trying to swipe passwords through fake websites when they can just guess them.  Why go to all that trouble when you could find the passwords of many people just by guessing?  Software is available nowadays to help scam artists test millions of passwords per second.  One software system that was seized claimed to test 2.8 billion passwords per second.

How does the password-guessing software work?  It goes through all the pet names, nicknames, words, places, people, and things in the dictionary.  Then, it uses common techniques that people use to make their passwords “more secure.”

[email protected]$$word123

Since most websites require users to add numbers, symbols or capital letters, the software will then add the numbers to the end of each word and try capitalizing the first letter.  Most people will add 1 or 123 to the end of their password.  The software also knows that most people would change their a’s to @ symbols and their s’s to dollar signs if prompted to make their password more secure.

The Power of Perfect Randomness

The human mind is not great at achieving perfect randomness, but there are websites and apps that are there to help you do so. can create perfectly random passwords in just a few seconds.

Great! Problem solved, right? Sure, for the few people who install fingerprint locks on all their doors and panic rooms in their homes.  But the majority of people will use the same password that they’ve had for 10 years because it is easy to remember and less hassle. It is usually some pet name or phrase that they thought was clever at one point, mixed in with 1’s and @ symbols.

While it may seem near impossible to create a strong password after knowing the hackers’ tricks, you can still create a relatively strong password system by remembering these 4 tips:

1.  Avoid Predictable Passwords

Most of us are guilty of using these predictable “security” formulas for our passwords:

  • Using a name, place, or word as the seed.  Ex: fido
  • Capitalizing the first letter.  Ex: Fido
  • Adding a number at the end.  Ex: Fido1
  • Adding a common symbol at the end.  Ex: Fido1!

Instead, avoid these common password formulas and mix uncommon elements and unpredictable patterns.  IT security pro Mark Burnett created a collection of the top 10,000 most common passwords, which he says represents 99.8% of all user passwords.  This shows how our minds tend to think the same way when we try to amp up our password security.
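The formula above can be checked for mechanically. The following is an added example, not part of the original article: a small Python check that undoes the suffix, capitalization, and symbol-swap tricks and reports whether what remains is a list word. The word list and sample passwords are constructed, and the function names are hypothetical.

```python
import re

# Constructed stand-in for a real dictionary or common-password list;
# a real check would load many thousands of entries.
SEED_WORDS = {"password", "fido", "dragon", "monkey", "summer", "london"}

# a -> @ and s -> $ are the swaps the article names; 0 -> o and 3 -> e are
# other common swaps, added here as an assumption.
UNSWAP = str.maketrans({"@": "a", "$": "s", "0": "o", "3": "e"})

# The formula is word + number + symbol, so suffixes are undone right to left.
SUFFIXES = [
    (r"[^A-Za-z0-9]+$", "symbol added at the end"),
    (r"[0-9]+$", "number added at the end"),
]


def seed_of(text):
    """Return the list word that text reduces to, or None."""
    word = text.lower().translate(UNSWAP)
    return word if word in SEED_WORDS else None


def explain(password):
    """Return (seed_word, tricks) if the password follows the formula,
    otherwise (None, [])."""
    core, tricks = password, []
    for pattern, label in SUFFIXES:
        if seed_of(core):
            break
        match = re.search(pattern, core)
        if match:
            core = core[:match.start()]
            tricks.append(label)
    seed = seed_of(core)
    if seed is None:
        return None, []
    if core[0].isupper():
        tricks.append("first letter capitalized")
    if core.lower() != seed:
        tricks.append("letters swapped for symbols")
    return seed, tricks


if __name__ == "__main__":
    # Constructed sample passwords; the last one is a random string.
    for candidate in ["fido", "Fido1!", "Dr@gon123", "$ummer1", "vR7#qLm2xTz"]:
        print(candidate, "->", explain(candidate))
```

A password that comes back with a seed word is one the formula would produce, however many symbols it contains.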

2.  Use a Unique Password for Every Site

Obviously it is important to use different passwords because once someone gets ahold of your Facebook password, then they can gain access to your bank details too.

3.  Use a Password Manager

If you can remember it, then someone else can probably figure it out. That’s why the most secure option is to use a password manager and generator to keep all of your secure passwords in one place.

LastPass, KeePass, and 1Password are three password management systems that can generate random, long, and complex passwords for you and save them for easy access.

4.  Always Add 2-Step Verification

Lastly, don’t forget to use the two-step verification system for every site that supports it.  It is one of the best ways to keep your information protected against hackers.

While there is no one perfectly secure password out there, understanding the tricks that hackers use will certainly help you choose a stronger password.
