How Do Hackers Get Your Password? 5 Types of Password Attacks
How Do Hackers Get Your Password? 5 Types of Password Attacks
How Do Hackers Get Your Password? 5 Types of Password Attacks

It happens to people everyday. Identities are stolen, money is taken out of accounts, and all manner of breaches are attempted against your personal accounts. 

But how does it happen? The truth is, there are multiple tried and tested methods which hackers use to steal your passwords online. 

This page contains the top five most widely used methods of hacking. Utilizing managed IT services can also help to keep your information secure.

Credential Stuffing

Credential stuffing is hard for people to prevent, which makes it frustrating. Credential stuffing occurs when a website is breached and the website contains the vital data of all its users. 

Right away the hacker has access to all of your data, including sensitive data like passwords, address, purchase history, and maybe even bank information. 

The problem here is that around 62% of people reuse passwords. Consequently, if a hacker finds your password to a relatively trivial website, and the password is the same as the one you use for your banking password, they may be able to gain access to that account.


Phishing is a form of hacking which you’ve most likely heard of in some way. Phishing is where the hacker will trick you into giving them your password. 

One of the more popular methods of phishing is sending an email which looks genuine and identical to one that comes from a trusted business, inviting you to log in and immediately change something due to a security breach. 

Some of these fake websites appear exactly like the real one. But, if you know what you’re looking for they’re easy to spot; simply double check the URL whenever you’re suspicious. 

Password Spray

This is a common form of hacking. This occurs when the hacker will obtain your username, and will guess at multiple popular passwords until they gain entry. 

A password spray only really works if you don’t use a strong password. Try and think of something outside the box to ensure it won’t be easily guessed. There are password generators online, but they can be a little hard to remember.

Creating a password that is nonsensical, with capital letters, numbers, and characters is usually your safest bet. (Ex: FeRretPanCAke78$)

Keystroke Logging

Keystroke logging typically occurs as the result of a software installed on your computer via malware. It is able to pick up on every key you enter and sends it over to the hacker. 

The hackers use logger software, so they only have to look through for a common theme password and they’ll have everything. 

You need to be careful what you click online, and don’t give any site or app permissions that they don’t need, especially when asked if they can run something as the administrator. 

Local Discovery

Discovery used to be a more popular form of hacking than it is today. Most people enter their passwords into a note in their phone, which is usually protected by a thumb print, another password, or face ID. 

However, there are still people who write them down physically. These notes can be stolen and the passwords applied. Try not to write them down, and if you do, change them frequently. 

It doesn’t matter how good your password is, if it is left lying around for anyone to find.

SME Paid Under

About the Author

Chris Turn

VIP Explorer’s Club