How easy is it for a hacker to figure out your password?
Our mate, let’s call him “John”, uses the password ‘buster1993!’, representing his dog’s name and the year he graduated from university.
If we wanted to hack John’s password, there are a few avenues we could take. Common password formats include names and numbers, so what names and numbers are relevant to John?
- If you Google John, you find he has some publicly available Facebook and Instagram information.
- John posts photos of his dog all the time, hell it even has its own Instagram page. Buster is a handsome critter.
- Now let’s look for dates on John’s profiles.
- John has his birthday publicly available so the password could be ‘buster25121974’ or ‘buster1974’ or any combination.
- John has photos of the big events in his life with dates: his graduation was in 1993, his first child was born in 1999 and he was married in 2001. So let’s try passwords ‘buster1993’, ‘buster1999’ and ‘buster2001’.
- John was told it is a good idea to use a special character in his password, but they’re hard to remember, so he puts a ‘!’ at the end of the password. That makes the following valid options to attempt, and as you can see, by attempt eight we hit the proverbial treasure.
- buster25121974
- buster1974
- buster1993
- buster1999
- buster2001
- buster25121974!
- buster1974!
- buster1993!
- buster1999!
- buster2001!
The other way around it would be to see if someone has already cracked his password and made their password list public. What do you know… John’s password is on the “SecLists-master” wordlists that hackers use to brute-force passwords.
You can even use social engineering to get someone’s password. Check out what Jimmy Kimmel did in the below clip:
So what’s the point of all this?
- Be careful what you share publicly on the internet. It really does give away a lot more than you think.
- Use Two-Factor Authentication on your accounts whenever possible.
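John’s password fell because it was nothing but public facts plus a trailing ‘!’, and a sign-up or password-change form can catch exactly that. The check below is an added example, not part of the original post: the function names are hypothetical, the profile is a constructed sample using John’s details from above, and ‘25121974’ is assumed to mean 25 December 1974.

```python
from datetime import date

SEP = "\x00"  # marks where a personal token was removed


def date_tokens(d):
    """Digit strings people commonly derive from one date."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    return {yyyy, dd + mm + yyyy, mm + dd + yyyy, dd + mm + yyyy[2:], dd + mm}


def personal_tokens(names, dates=(), years=()):
    """Everything in the user's profile that could be reused in a password."""
    tokens = {n.lower() for n in names if len(n) >= 3}
    for d in dates:
        tokens |= date_tokens(d)
    tokens |= {str(y) for y in years}
    return tokens


def check_password(password, names, dates=(), years=(), min_residual=6):
    """Return (ok, matched). The password is rejected when fewer than
    min_residual characters remain once personal tokens are removed."""
    core = password.lower()
    matched = []
    # Longest first, so '25121974' is consumed before '1974' or '2512'.
    ordered = sorted(personal_tokens(names, dates, years),
                     key=lambda t: (-len(t), t))
    for tok in ordered:
        if tok in core:
            matched.append(tok)
            core = core.replace(tok, SEP)
    residual = len(core.replace(SEP, ""))
    return residual >= min_residual, matched


# Constructed sample profile: the facts the post finds on John's public pages.
JOHN = {
    "names": ["John", "Buster"],
    "dates": [date(1974, 12, 25)],   # birthday (assumed reading of 25121974)
    "years": [1993, 1999, 2001],     # graduation, first child, wedding
}

if __name__ == "__main__":
    for pw in ["buster1993!", "buster25121974!", "x7Kq1999pLmZ92vw"]:
        ok, matched = check_password(pw, **JOHN)
        print(f"{pw!r}: {'accept' if ok else 'reject'} (personal data: {matched})")
```

A check like this complements, rather than replaces, screening new passwords against known-breached wordlists.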