- 'Brute Force' (aka 'Dictionary') Repetition
- Social Engineering (commonly: phishing)
- Administrator Back Doors
Brute force is about overpowering the computer's defenses by using repetition. In the case of password hacking, dictionary attacks involve dictionary software that recombines English dictionary words with thousands of varying combinations. (Yes, much like a Hollywood safecracker movie scene, but much slower and much less glamorous.) Brute force dictionaries always start with simple letters "a", "aa", "aaa", and then eventually move on to full words like "dog", "doggie", "doggy". These brute force dictionaries can make up to 50 attempts per minute in some cases. Given several hours or days, these dictionary tools will overcome any password. The secret is to make it take days to crack your password.
2) Social Engineering Attacks
Social engineering is the modern con game: the hacker manipulates you to divulge your password by using some kind of convincing personal contact. This personal contact might involve direct face-to-face communications, like a pretty girl with a clipboard doing interviews in a shopping mall. Social engineering attacks might also occur over the phone, where a hacker will masquerade as a bank representative calling to confirm your phone number and bank account numbers. The third and most common social engineering attack is called phishing or whaling. Phishing and whaling attacks are deception pages masquerading as legitimate authorities on your computer screen. Phishing/whaling emails will often redirect the victim to a convincing phishing website, where the victim types in their password, believing the website to be their actual bank or online account.
3) Administrator Back Doors
This kind of attack is akin to stealing the building master keys from the building janitor: the perpetrator accesses the system as if they were a trusted employee. In the case of computer administrators, special all-access accounts allow the user into areas where only trusted network administrators should go. These administrator areas include password recovery options. If the hacker can enter your system with the administrator's account, the hacker can retrieve the passwords of almost anyone on that system.
How Do I Defend Against Brute Force Hackers?
Just like defending against car thieves, there is no way to reduce your risk to zero. But it is possible to make it very difficult for brute force hackers to enter your accounts.
The best thing you can do is create complex passwords that use cryptic spelling and do not resemble regular English words. When combined with CAPTCHA services at your online accounts, your risk of being brute-force hacked is dramatically reduced.
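To make the argument above concrete, here is an added Python example (not part of the original article) that models the guess order described earlier, from repeated single letters through dictionary words and common manglings, and reports how many guesses a candidate password survives at the article's figure of 50 attempts per minute. The word list and mangling rules are constructed for illustration; a real dictionary tool uses far larger lists.

```python
import string
from itertools import islice
from typing import Iterator, Optional

# Constructed toy word list (assumption for this example); real tools use
# tens of thousands of words plus many more mangling rules.
WORDS = ["dog", "doggie", "doggy", "cat", "password", "letmein", "summer"]
MAX_REPEAT = 4            # longest run of a single repeated letter to try
ATTEMPTS_PER_MINUTE = 50  # rate quoted by the article


def candidates() -> Iterator[str]:
    """Yield guesses in the order the article describes: repeated single
    letters first ("a", "aa", "aaa" ...), then plain dictionary words, then
    common manglings (capitalised, numeric suffix 0-99)."""
    for letter in string.ascii_lowercase:
        for n in range(1, MAX_REPEAT + 1):
            yield letter * n
    for word in WORDS:
        yield word
    for word in WORDS:
        yield word.capitalize()
        for suffix in range(100):
            yield f"{word}{suffix}"
            yield f"{word.capitalize()}{suffix}"


def guesses_until_found(password: str, limit: int = 100_000) -> Optional[int]:
    """Return the 1-based position at which the toy dictionary reaches
    `password`, or None if it is not in the first `limit` guesses at all."""
    for i, guess in enumerate(islice(candidates(), limit), start=1):
        if guess == password:
            return i
    return None


def minutes_to_crack(password: str) -> Optional[float]:
    """Wall-clock minutes at ATTEMPTS_PER_MINUTE, or None if never reached."""
    n = guesses_until_found(password)
    return None if n is None else n / ATTEMPTS_PER_MINUTE


if __name__ == "__main__":
    for pw in ["a", "dog", "Dog1", "Tr0ub&dor!"]:
        print(f"{pw!r}: guesses={guesses_until_found(pw)} "
              f"minutes={minutes_to_crack(pw)}")
```

A password that never appears in the candidate stream ("Tr0ub&dor!" here) is exactly the kind the article recommends: the tool must fall back to exhaustive search instead of a short dictionary.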