IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Password-cracking techniques – Offline cracking, shoulder surfing, guessing

Some of the most common, and most effective, methods for stealing passwords

We've already covered some of the more sophisticated techniques available to hackers, often involving live network analysis or the distribution and management of malware. Yet there are a handful of techniques that can be utilised that either remove the need for hackers to worry about evading detection, or are so crude in their nature that they are difficult to intercept.

10. Offline cracking

Ethernet cable disconnected from the back of a router

It’s important to remember that not all hacking takes place over an internet connection. In fact, most of the work takes place offline, particularly as most systems place limits on the number of guesses allowed before an account is locked.

Offline hacking usually involves the process of decrypting passwords by using a list of hashes likely taken from a recent data breach. Without the threat of detection or password form restrictions, hackers are able to take their time.

Of course, this can only be done once an initial attack has been successfully launched, whether that's a hacker gaining elevated privileges and accessing a database, by using a SQL injection attack, or by stumbling upon an unprotected server.

11. Shoulder surfing

You might think the idea of someone looking over your shoulder to see your password is a product of Hollywood, but this is a genuine threat, even in 2020.

Brazen examples of this include hackers disguising themselves in order to gain access to company sites and, quite literally, look over the shoulders of employees to grab sensitive documents and passwords. Smaller businesses are perhaps most at risk of this, given that they’re unable to police their sites as effectively as a larger organisation.

Security experts recently warned of a vulnerability in the authentication process used by WhatsApp. Users trying to use WhatsApp on a new device must first enter a unique code that's sent via a text message, which can be used to restore a user's account and chat history from a backup. It was found that if a hacker was able to obtain a user's phone number, they are able to download the app to a clean device and issue a prompt for a new code, which, if they are in spying distance, they could copy as it arrives on the user's own device.

12. Guess

Image of a man thinking in front of a board filled with abstract ideas

If all else fails, a hacker can always try and guess your password. While there are many password managers available that create strings that are impossible to guess, many users still rely on memorable phrases.

These are often based on hobbies, pets, or family, much of which is often contained in the very profile pages that the password is trying to protect.

The best way to remove this as a potential avenue for criminals is to maintain password hygiene and make use of password managers, many of which are free.

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download

Recommended

Cyber resiliency and end-user performance
Whitepaper

Cyber resiliency and end-user performance

17 Aug 2022
Can't choose between public and private cloud? You don't have to with IaaS
Whitepaper

Can't choose between public and private cloud? You don't have to with IaaS

12 Aug 2022
What is zero trust?
network security

What is zero trust?

14 Jul 2022
Retbleed hardware-level flaw brings overhead woe to Intel and AMD
Hardware

Retbleed hardware-level flaw brings overhead woe to Intel and AMD

13 Jul 2022

Most Popular

Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs
zero-day exploit

Apple patches 'superpower' zero-days affecting iPhones, iPads, and Macs

18 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
Google is now spending a staggering amount on blockchain
Business strategy

Google is now spending a staggering amount on blockchain

17 Aug 2022