Techniques used by hackers to retrieve your passwords
f. Social Engineering
The simplest way to discover someone's password is to make them reveal it, for example by persuading them to type it into a website the attacker controls (phishing). Sharing passwords with unknown persons (strangers) can lead to misuse of information, give access to private accounts or devices, and result in loss of personal information or sensitive data.
A few tips to avoid social engineering threats:
- Beware of any pretext by a caller or stranger requesting sensitive information such as a PIN or password.
- You must not share passwords with unknown persons (strangers) through email or SMS or any other means.
- Never click on suspicious links or believe any calls or posts about free offers, lotteries, gifts, etc. that ask you for personal information.
g. Rainbow table attack
Rainbow tables aren't as colourful as their name may imply but, for a hacker, your password could well be at the end of one. This table contains hashes of all possible password combinations for any given hashing algorithm. Rainbow tables are attractive because they reduce the time needed to crack a password hash to simply looking something up in a list. However, rainbow tables are huge, unwieldy things.
h. Credential stuffing
This is an automated method in which attackers take pre-computed lists of credentials obtained from past breaches and test them on other websites. If the same username and password are used on multiple sites, this can result in multiple accounts being compromised.
The best way to prevent such attacks is to use unique, complex and long passwords, regularly update passwords, and enable two-factor authentication wherever possible.
Also keep an eye out for any suspicious activity on your accounts, and act fast in case of any unusual access or login.
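For a site operator, the "suspicious activity" above has a recognisable shape: one source trying many different usernames and mostly failing. The following is an added example, not part of the original article; the event format, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events (not real data): (source_ip, username, success)
SAMPLE_EVENTS = [
    ("203.0.113.7", "alice", False),
    ("203.0.113.7", "bob", False),
    ("203.0.113.7", "carol", False),
    ("203.0.113.7", "dave", True),     # reused password: breached pair worked here
    ("203.0.113.7", "erin", False),
    ("203.0.113.7", "frank", False),
    ("198.51.100.20", "grace", False),  # one user mistyping their own password
    ("198.51.100.20", "grace", False),
    ("198.51.100.20", "grace", True),
    ("192.0.2.44", "heidi", True),      # ordinary successful login
]

def find_stuffing_sources(events, min_users=5, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts and mostly fail.

    Credential stuffing tries each breached username/password pair once,
    so the signal is breadth across accounts, not repeated guesses at one.
    Thresholds are illustrative assumptions and need tuning per site.
    """
    users = defaultdict(set)      # ip -> usernames attempted
    hits = defaultdict(set)       # ip -> usernames that logged in successfully
    attempts = defaultdict(int)
    failures = defaultdict(int)
    for ip, user, ok in events:
        users[ip].add(user)
        attempts[ip] += 1
        if ok:
            hits[ip].add(user)
        else:
            failures[ip] += 1

    flagged = {}
    for ip in attempts:
        ratio = failures[ip] / attempts[ip]
        if len(users[ip]) >= min_users and ratio >= min_fail_ratio:
            flagged[ip] = {
                "distinct_users": len(users[ip]),
                "fail_ratio": round(ratio, 2),
                # Successful logins from a flagged source are likely compromised
                # accounts: force a password reset and end their sessions.
                "accounts_to_reset": sorted(hits[ip]),
            }
    return flagged

if __name__ == "__main__":
    print(find_stuffing_sources(SAMPLE_EVENTS))
```

Grouping by source address alone misses attempts spread across many addresses, so the same counting is usually repeated over other keys such as client fingerprint or time window.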