top of page

Methods of Mayhem: How Hackers Get Passwords

Hackers have many techniques to obtain someone's password, which can be used to gain unauthorized access to their accounts or systems. Understanding these methods can help individuals and organizations protect themselves against password-based attacks.

  • Brute-force attacks involves using a program to try every possible combination of characters to guess the password. This can be effective if the password is simple or common but becomes less effective as the password gets longer and more complex. To protect against brute-force attacks, it is important to use strong, unique passwords that are at least 8 characters long and include a mix of upper and lowercase letters, numbers, and special characters.

  • Dictionary attacks are similar to brute-force attacks but use a pre-defined list of words (and common variations) instead of trying all possible combinations. To protect against dictionary attacks, it is recommended to avoid using common words or phrases as passwords and to use passphrases instead of single words. A passphrase is a longer phrase made up of multiple words, which can be easier to remember but harder to guess.

  • Phishing attacks are a very common way that hackers obtain passwords. In a phishing attack, the hacker sends an email or text message that appears to be from a legitimate source, such as a bank or online retailer, in an attempt to trick the recipient into revealing their password or other sensitive information. To protect against phishing attacks, it is important to be cautious when receiving unsolicited messages and to verify the authenticity of any request for personal information before responding.

  • Keystroke logging is a method that hackers use to get passwords involving installing a program on someone's computer that tracks the keys they press, including passwords. Keystroke logging can be difficult to detect but installing anti-malware software and keeping it up to date can help protect against it.

  • Social engineering involves manipulating or tricking someone into revealing their password or other sensitive information. Social engineering can take many forms, such as pretexting (posing as someone else), baiting (offering something tempting), or scareware (using fear to get someone to act). To protect against social engineering attacks, it is important to be aware of these tactics and to resist the urge to reveal personal information or passwords to anyone, even if they appear to be a trusted source.

  • Password reuse can leave your accounts vulnerable to hacking. If a person uses the same password on multiple websites and one of those websites suffers a data breach, the hacker can try using the compromised password to gain access to other accounts. To protect against password reuse, it is important to use unique passwords for each of your online accounts and to change them regularly.


There are many ways to obtain passwords, including brute-force and dictionary attacks, phishing, keystroke logging, social engineering, and password reuse. To protect against these attacks, it is essential to use strong, unique passwords and implement Multi-Factor Authentication (MFA) everywhere you possibly can. Be cautious when sharing personal information online. By following these recommendations, individuals and organizations can help protect themselves against password-based attacks and maintain the security of their accounts and systems. To learn more about protecting your accounts from bad actors, visit our Cybersecurity and our Multi-Factor Authentication pages.

Talk to the experts at CyberSolve to see how your organization can implement Cybersecurity to fit your organization’s needs.

bottom of page