Five Ways Hackers Can Get Your Password, and How to Stop Them

It starts abruptly with a friend telling you your social media account has gone haywire, flooding everyone with gibberish messages and links.

You try to log in, but a popup tells you the password is incorrect. You frantically tap the reset password button and rush to your email account, but there’s another shock: your email password doesn’t work either.

You realize that it’s not just your email and social media; you’re locked out of most of your accounts. Your whole digital life is in chaos.

But how could this have happened? Chances are one or more of your passwords were stolen and hackers have hijacked your accounts. Can you get them back? Maybe, but it’s going to be hard, and it’s going to eat up a lot of time. Could this have been prevented? Most likely, but for that, you would need to know more about what you're dealing with.

Password guessing

This happens when you choose an easy-to-remember but predictable password that’s probably used by 10 million other people around the world. The most striking examples here would be “123456789”, “qwerty” or the word “password”, three choices that rank high on the list of most-used passwords in the world, tear after year. Cybercriminals don’t even have to break a sweat to get in; they just cross-check a list of accounts with a list of common passwords. The technique is known as “password spraying” and it's alarmingly effective, as people prefer simple passwords that they won’t forget.

What to do: Choose long, complex passwords that ideally incorporate upper and lowercase letters, numbers and special symbols. Avoid including personal, easy-to-find information, like your date of birth, name, or telephone number as they’re easy to deduce. Bitdefender Password Manager is a service that relieves you of the burden of having to remember dozens of long passwords. It generates strong, unique, random passwords for all your accounts and safely stores them in an encrypted environment.

Data breaches

Passwords are leaked every day because of cyberattacks, server misconfigurations, insider threats and other types of incidents that result in data breaches. They often wind up on the Dark Net where they’re traded for a lot less than you think. And if you’re wondering why hackers are so interested in an old password you used to order pizza, a long time ago, it’s because they know people often reuse passwords and they’re hoping you did too. They use a technique called “credential stuffing,” which consists of crosschecking leaked passwords with known accounts.

What to do: Although there’s nothing you can do to prevent data breaches, you can minimize your risks by never using the same password on more than one account. Bitdefender Password Manager can help you generate an infinite number of strong unique passwords, so you’ll never have to repeat yourself.

Phishing

You may not know it, but you probably have a phishing example in your Junk/Spam email folder right now. It’s that message you get from a trustworthy institution, like your bank, your mobile service provider, or your favorite retailer, informing you there’s a problem with your account and you need to urgently enter your credentials, using the link provided.

It’s a hoax. The message is actually from cybercriminals using a similar email address and a cloned website, who are trying to make you enter your credentials so they can steal them. Once you type your username and password, in some cases even your credit card number, the criminals have full access to your account, and they can do whatever they want.

What to do: Whenever you get a message urging you to take immediate action, take a moment to check for fraud indicators: What’s the sender’s address? Is it the right domain? Does the message have poor grammar? Is the message coherent? Does it address me? Never log in using links you get in emails or messages. Instead, open a separate browser and log in following the usual steps. It’s also a good idea to activate multi-factor authentication (MFA) whenever you can. Even if your password is somehow stolen, criminals can’t log in without controlling the extra authentication methods. Last but not least, consider using a Password Manager. Bitdefender Password Manager can protect you from Phishing attempts because it auto-fills your passwords on legitimate websites. If you’re trying to log in on a cloned website, for instance, your password manager will know you're not in the right place and won’t fill in the password.

Malware

Despite what you’ve heard, or even experienced by now, malware or computer viruses aren’t all the same. Some flood you with spam, some lock your files and ask for a ransom, and others wreak havoc and make your device inoperable. However, some are much more stealthy. They quietly hide deep within your system and record everything that you do and type. This includes passwords, credit card numbers and private conversations. They're called keyloggers and they’re incredibly good at stealing personal information and spying.

What to do: The best way to deal with malware and keyloggers is to never get infected in the first place. To do that, it’s always a clever idea to have a dedicated security solution installed on your device. On top of that, constantly update your software whenever a new security patch becomes available and avoid clicking or downloading suspicious email attachments. However, if you somehow do happen to get infected, Bitdefender Password Manager can help you. Because it stores all your passwords in a secure encrypted environment, no one can touch them besides you, and since it auto-fills your credentials everywhere you need them, you don’t have to type anything physically.

Shoulder surfing

Recent surveys have shown that people love writing their passwords on post-it notes and sticking them in easy-to-reach places. It’s an effective way to always have your password close, without having to remember it. However, this method has a lot of obvious downsides. The biggest one is that anyone with access to that post-it can steal your password. That may not be a problem at home, but what if it happens at work, or what if you’re in a public place and someone looks over your shoulder at the password you have saved in your notebook or in a text file on your phone?

What to do: Bitdefender Password Manager generates strong passwords and relieves you of the burden of having to remember everything by storing them in a secure encrypted environment where only you can reach them. Moreover, it autofills your passwords whenever they’re needed and hides them even from shoulder surfers so that you can focus more on the things that really matter to you.