Common password Cracking methods :

Common password Cracking methods :

Social Engineering:

Social engineering is when a hacker takes advantage of trusting human beings to get information from them. For example, if the hacker was trying to get the password for a co-workers computer, he could call the co-worker pretending to be from the IT department. Social Engineering is used for different purposes.


If somebody tries to get login information or any other sensitive information from you, ask them some questions. Try to find whether the one who is trying to get the info is legit or not.

Shoulder surfing:

This method doesn’t need the usage of hacking knowledge. The hacker would simply attempt to look over your shoulder as you type in your password.


Make sure nobody’s looking when you type your login info.

Dumpster Driving:

In this the hacker would simply try to find any slips of paper in which you have written the password.


Do not write your passwords or login information anywhere. If you write, keep them somewhere safe.


If yours is a weak password, a hacker could simple guess it by using the information he knows about you.

Guessable passwords:

1. Blank (None). (Most of the websites do not allow blank passwords)

2.The word “password” “passcode” “admin” and their derivatives.

3. The username or login name.

4. The names of their loved ones.

5. Their birthplace or date of birth.

6. A dictionary word in any language.

7. Automobile license plate number.

8. A row of letters in a standard keyboard layout.
Example: asdfghjkl or qwertyuiop etc.


Use passwords that are not easily guessable and not found in any dictionary.

Dictionary Attacks:

A dictionary attack is when a text file full of commonly used passwords, or a list of every word from the dictionary is used against a password database. Strong passwords usually aren’t vulnerable to this kind of attack.


Use the passwords that are not found in dictionary in any language.

Brute-force Attacks:

Brute-force attacks can crack any password. Brute-force attacks try every possible combination of letters, numbers, and special characters until the right password is found. Brute-force attacks can take a long time. The speed is determined by the speed of the computer running the cracking program and the complexity of the password.


Use a password that is complex and long. Brute-force attack may take hundreds, even thousands of years to crack complex and long passwords.

Rainbow Tables:

A Rainbow table is a huge pre-computed list of hashes for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm (such as md5) that transformed it into something which is not recognizable. A hash is a one way encryption so once a password is hashed there is no way to get the original string from the hashed string. A very common hashing algorithm used as security to store passwords in website databases is MD5. It is almost like a dictionary attack, the only difference is, in rainbow tables attack hashed characters are used as passwords whereas in dictionary attack normal characters are used as passwords. ‘hello’ in md5 is 5d41402abc4b2a76b9719d911017c592


Choose a password that is long and complex. Creating tables for passwords that are long takes a very long time and a lot of resources


Many hackers and internet security experts say that Phishing is the most easiest and popular way to get the account details. In a Phishing attack the hacker sends a fake Facebook or any other webpage link to the victim which the hacker has created or downloaded and uploaded it to any free hosting sites like or any free webhost. The hacker sends the fake login page link through E-mail or while chatting, etc. When the victim enters the login details, the victim is redirected to the original login page and the hacker gets the victim’s login details.


Phishing attacks are very easy to avoid. When you are asked to put your personal information into a website, look up into the URL bar. If for example you are supposed to be on and in the URL bar it says something like or something, the you should know it’s fake.

RATing and Keylogging:

In keylogging or RATing the hacker sends a keylogger server or RAT server to the victim. The keylogger records every key stroke of the victim. When the victim is typing the account details, the keylogger records and sends it to the hacker.


It is better to use on-screen keyboards or virtual keyboards while tying the login info or personal info. Install the latest anti-virus software and keep them updated.

Note: There are several other types of password cracking but, these are the most common types.