How Do Hackers Steal Passwords?

As a managed services provider (MSP), protecting yourself and your customers against password attacks is a serious business. By stealing passwords, a bad actor could gain access to top secret data, access bank accounts, or resell password information to other attackers. Because passwords are the key to so much critical information, protecting password information from attackers is critical for any modern business.

How safe is your password?

There are many different ways your customers’ passwords could become compromised, and it’s up to MSPs to keep password hackers from breaching their customers’ password security. To help prevent malicious hackers from accessing your systems, you should first understand what a password attack might look like. Here are some of the most common methods attackers use to steal passwords.

1. Trojan horse

Software with malicious intent is called malware. Malware is often introduced into your system via accidental download from suspicious websites that host pop-ups, or through “free download” links.

In a Trojan horse attack, an attacker disguises malware as legitimate software or a harmless link, possibly through a misleading email, a falsified website, or a fake advertisement. The downloaded malware then provides the attacker with access to your password data, as well as other data stored on your device.

To help prevent Trojan horses, use discretion when opening links in emails and when visiting new web pages. To automatically block Trojan horses before they wreak havoc, organizations should install firewalls and make sure to encrypt all important data.

2. Keylogger

A keylogger attack is a type of malware attack that is specifically designed to access password data. Keyloggers operate using a fairly simple set of rules: keylogging software logs your keystrokes as soon as you start your computer, which allows attackers to access passwords—no matter how complex your passwords might be.

Helping prevent keyloggers from gaining access to a system calls for many of the same basic precautions as any other malware attack. MSPs should educate technicians and customers to help ensure they don’t open suspicious links. In some cases, it may also be worth investing in keystroke encryption software. Another option is to use an encrypted password autofill service, which lets you fill in passwords from a drop-down without typing them out on your keyboard.

3. Rainbow table

Rainbow tables aim to reverse password hashing. Protecting stored passwords is a common way to help prevent access via malware and other common hacking strategies. The most common way to protect them is hashing, a one-way process that has no single formula to reverse the hashed data. Rainbow tables are expansive precomputed tables that cover many potential password and hash combinations, so an attacker can look up a stolen hash to find the password behind it. A rainbow table requires a lot of sophistication, but plenty of advanced cyberattackers know how to use them.

To help prevent a rainbow table attack, you can “salt” your hashes by using a function that adds random characters to each password before it is hashed, which throws hackers for a loop because a table computed in advance no longer matches.
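The effect of salting described above, as an added example (not code from the original article). It uses a plain precomputed hash-to-password dictionary as a simplified stand-in for a rainbow table, which compresses the same idea with hash chains; the candidate list, function names and PBKDF2 iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed sample data: common passwords a precomputed table would cover.
CANDIDATES = ["password", "letmein", "qwerty123", "Summer2024!"]
ITERATIONS = 600_000  # assumed work factor; tune for your hardware

def unsalted_hash(password: str) -> str:
    """Weak storage scheme: a bare, unsalted SHA-256 digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(candidates):
    """Precompute hash -> password once; reusable against any unsalted store."""
    return {unsalted_hash(p): p for p in candidates}

def salted_hash(password: str, salt: bytes = None):
    """Hardened scheme: per-user random salt fed into PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted_hash(password, salt)
    return hmac.compare_digest(digest, expected)

def demo():
    table = build_lookup_table(CANDIDATES)
    # Two users picked the same password.
    alice_weak, bob_weak = unsalted_hash("letmein"), unsalted_hash("letmein")
    alice_salt, alice_strong = salted_hash("letmein")
    bob_salt, bob_strong = salted_hash("letmein")
    return {
        # Unsalted: one lookup recovers the password, and duplicates are visible.
        "unsalted_recovered": table.get(alice_weak),
        "unsalted_identical": alice_weak == bob_weak,
        # Salted: the table has no matching entry and would have to be
        # rebuilt per user; equal passwords no longer share a hash.
        "salted_recovered": table.get(alice_strong.hex()),
        "salted_identical": alice_strong == bob_strong,
        "login_ok": verify("letmein", alice_salt, alice_strong),
        "wrong_password_ok": verify("qwerty123", alice_salt, alice_strong),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is stored alongside the hash; it does not need to be secret, only unique per password.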

4. Third-party

A third-party attack, or a supply chain attack, is when a hacker gains access to your system through an outside partner, vendor, or provider with access to your data. As MSPs often hold the key to many of their customers’ systems, they are a potential target to gain access to multiple organizations at once.

Because third-party attacks initially occur outside of your system, it’s harder for password protection software to sense an attack is occurring. The best way to help prevent third-party attacks is to use a safe and reliable password manager to help ensure attackers cannot run away with your master vault. Third-party attacks can have devastating consequences not only in the form of the immediately compromised data, but also through lost customer confidence and loyalty.

5. Brute force

A brute force password attack is, essentially, a guessing game. Brute force attacks require hackers to run an immense number of character combinations until they finally guess the right code. With help from software, attackers can generate a previously unimaginable number of outcomes in a short period of time. To minimize the chance of success in case of a brute force attack, consider utilizing passphrases rather than passwords.

Best practices for online password security

For MSPs, knowing how to help prevent a password attack is a critical part of providing effective IT services. If an MSP has allowed a cyberattacker to slip through the cracks, they may quickly earn a reputation of being unskilled or untrustworthy. On the other hand, MSPs who know how to help prevent outside attacks can more easily maintain positive customer relationships.

To stay one step ahead of cyberattackers, a reliable password management tool can go a long way. N‑able® Passportal helps you generate strong passwords so you can help prevent brute force attacks, encrypt data to protect against malware, and rapidly reset passwords to mitigate damage if hackers do gain access.

© N‑able Solutions ULC and N‑able Technologies Ltd. All rights reserved.
