Most Common Password Vulnerabilities You Should Know About

Phishing, wordlist attacks and brute force attacks are a few of the most common attacks that can make your

We often talk about the importance of keeping our passwords secure and adopt various practices to do so, but cybercriminals are still only a few steps away from stealing them.

We often see someone’s computer or smartphone getting hacked because an attacker got access to the user’s passwords.

In extreme cases, there is not much you can do, but it is important to know the common methods hackers currently use to discover and steal passwords.

In this way, you can have a much better sense of how to defend yourself and avoid such situations.

According to a notice posted by Flipboard in the last month, the news aggregation channel had been hacked not once but twice within the span of the past year.

This incident put the passwords of about 150 million users at risk, although it wasn’t made clear how many users were affected by the breach.

The key attack methods that make your password vulnerable are described below, along with how they work and what precautions are required to keep cybercriminals from gaining access to your password.

5 Most Common Password Vulnerabilities

Password Vulnerability due to Phishing

This type of attack causes victims to believe they are accessing legitimate content, usually e-mail or websites, when in fact they are accessing fake content produced by the attackers.

This type of content usually leads victims to enter the login and password they already use on legitimate sites or services, such as Google and Facebook. Once the data is filled in, the attacker stores the passwords before redirecting the victims to a legitimate site.

How to avoid:

Attackers looking to steal passwords often copy the look of a site almost perfectly. But there are a few important items that cannot be copied, such as the site's address and the links within it. Always check the links to make sure they belong to the desired location.

Brute Force Attack puts your password at risk

A brute force attack is the name for running software against a website that checks millions of passwords until it finds the right one. It is a robot that randomly tries passwords to connect to the website.

How to avoid:

No one can really prevent a robot from doing these actions, but it is possible to slow down and discourage such attacks. One of the first solutions is to increase the security of the website by forcing its members to create more complex passwords.

For example, require a minimum of 8 characters containing a combination of numbers and letters. This will make the task of the robot much more complex.

Dictionary or Wordlist Attack

The dictionary-based attack or wordlist attack is also considered a brute-force attack. The attacker uses files containing thousands or even millions of words of the most varied types and languages, together with software that tests this list quickly until the victim’s password is found or the dictionary is exhausted.

How to avoid:

Usually, the passwords present in dictionaries are not very long; that is, they have fewer than ten characters. To avoid becoming a victim of dictionary attacks, use passwords that have more than 12 characters.
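The rules from the brute force and dictionary sections above (at least 8 characters, letters and numbers, more than 12 characters) can be checked together at signup. The following Python sketch is an added example, not part of the original article; the tiny WORDLIST and the character-swap table are assumptions standing in for a real wordlist and its mangling rules.

```python
import string

# Constructed stand-in for a wordlist; real ones hold millions of entries.
WORDLIST = {"password", "letmein", "dragon", "sunshine", "qwerty"}
# Common character swaps that wordlist tools try automatically (assumed set).
LEET = str.maketrans("01345@$", "oleasas")

def wordlist_based(pw):
    """True if pw is a wordlist entry after undoing case, swaps and a suffix."""
    lowered = pw.lower()
    stripped = lowered.rstrip(string.digits + string.punctuation)
    return any(c.translate(LEET) in WORDLIST for c in (lowered, stripped))

def search_space(pw):
    """Worst-case guesses for pure brute force over the character pools used."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    size = sum(len(p) for p in pools if any(ch in p for ch in pw))
    return size ** len(pw)

def evaluate(pw):
    """Return the list of rules from the article that pw fails."""
    failed = []
    if len(pw) < 8:
        failed.append("shorter than 8 characters")
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        failed.append("needs both letters and numbers")
    if len(pw) <= 12:
        failed.append("not longer than 12 characters")
    if wordlist_based(pw):
        failed.append("derived from a wordlist entry")
    return failed
```

A password such as "P4ssw0rd1" satisfies the 8-character letters-and-numbers rule yet is still flagged as wordlist-derived, and so is a long one like "Sunshine2019!!!!!", which is why the wordlist check runs alongside the length rules.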

Like most attacks, the above attacks can be prevented by adopting some simple behavioral changes, and there are security solutions that can make this task even simpler.

Social Engineering

Social engineering is somewhat similar to phishing attacks and is a widespread spying method aimed at gaining access to confidential data.

To extract confidential information, scammers very often exploit people's good faith and helpfulness, but also their insecurity. Whether over the phone or the Internet, often pretending to be someone else, they are ready to do anything to get access to personal data.

How to avoid:

Reveal as little personal information as possible; social networks are real mines of information. Be suspicious when asked for an email ID. Even emails from known senders can be falsified.

Malware attack on passwords increasing by the day

Malware is the most obvious and efficient tactic to steal passwords at the moment. Unlike most powerful viruses, this kind of malware is not so apparent, because its goal is to steal your data without your knowledge or to introduce a remote access Trojan horse that steals your credentials.

How to avoid:

To prevent this from happening to you, keep your antivirus up to date, scan frequently, and avoid suspicious sites that are full of pop-up ads.


After all, careless behavior leaves crucial data and passwords vulnerable to cyber threats that can damage privacy.

To give an idea of the risks, Kaspersky reports say that phishing attacks more than doubled in 2018 to reach almost 500 million, and that the company registers an average of 3.7 million malware attacks per day and blocks 192,000 phishing messages per day.

But by keeping the above-mentioned common password vulnerabilities in mind, we can ensure the security of our passwords to an extent.

About Jason Hoffman

I am the Director of Sales and Marketing at Wisdomplexus, capturing market share with E-mail marketing, Blogs and Social media promotion. I spend a major part of my day geeking out on all the latest technology trends like artificial intelligence, machine learning, deep learning, cloud computing, 5G and many more. You can read my opinion in regards to these technologies via blogs on our website.