How hackers steal your password

By Ron Lilek / March 14, 2023

How many passwords do you have? Even though having different passwords for every application that requires a login is a giant pain, (that’s why password management software is popular), when you use the same password, the more vulnerable you are if it’s compromised.

For example, if you use the same password for your email, your bank accounts, and your medical data, a hacker needs only that one password to wreak havoc on your life. As to the opening question, the average person has a need for about 100 different logins at any given time. With that said, here are some of the most utilized methods hackers employ to steal passwords: 


Phishing occurs over email or texting. In the phishing scam, the victim gets a text or email with an attachment or a link. If you’re unfortunate enough to not recognize the scam, you’ll open the attachment or click on the link. This will either prompt you to enter your password to continue, or deliver you to a hacker-controlled site, from which malware (like spyware or ransomware) can be uploaded onto your system. 

For example, today my text screen is filled with messages telling me that my Amazon account is blocked due to a billing issue. I could click on the text and whatever attachment the text contains, or I could just login to my Amazon account to verify if it has indeed been locked. But even if I just ignore this message (which I have), there’s no downside. If my account is locked, I’ll know the next time I try to use Amazon; and, if it is, I’ll contact Amazon directly through their Customer Service tab. Under no circumstances will I even open the text!


Vishing attacks are conducted via telephone. In this scheme, you receive a phone call from Microsoft, Amazon, Apple, a financial institution or even a federal agency like the IRS. The caller will instruct you to give up a password, bank account number, social security number, computer password, credit card number, etc. Next thing you know, your computer has been hacked, your bank account drained, your identity stolen, you name it. You’ve been “vish-timized”.  

In fact, no reputable entity will ever contact you by phone to ask for personal information, and even if you believe the call is legitimate, check it out with the supposed source before you give up any information, and tell the visher that you intend to do so. Once they realize that you’re not gullible, they’ll disappear. 

3. Malware

You can accidentally download malware from a website that has been compromised, a phishing email, an advertisement or even a bogus mobile app. Malware usually works by logging your keystrokes and then translating them into your passwords.  

4. Brute Force Attacks

In a brute force attack, hackers feed large numbers of previously hacked passwords into a software program that then runs those passwords across multiple sites, hoping to find more matches. That’s why using the same password for multiple logins is a bad idea. Sometimes, the brute force attack can consist of “password spraying”, in which hackers send commonly used passwords across random accounts, hoping to get a hit on some of them.  

5. Guesswork 

That’s right, sometimes hackers just try their luck at guessing passwords. So, if you use passwords like “password”, or “123456”, or “emails”, it’s time to put on your creative hat and re-think your password strategy. In a blogpost later this month, we’ll give you more detailed information on creating un-hackable passwords.

6. Shoulder Spying and Wi-Fi Eavesdropping

These have been around seemingly forever but are still being used. Anytime you’re logging in from anywhere, be sure no one is looking over your shoulder, even in your office and especially when you are in a public place like a coffee house or a library. 

As to WiFi eavesdropping, it’s never a good idea to do any banking or other highly confidential activity when you are on public WiFi. Someone may be watching, or even spying on you.

Even as this is being written, there are hackers trying to devise more ways to steal your passwords and invade your privacy, or in the worst-case scenario, steal your identity and ruin your life. The key to thwarting them is to use common sense and make sure your passwords aren’t easily breached. 

StratusComm – Managed IT Services can help with all your cybersecurity needs, including making sure your passwords aren’t unintentional “party” invitations to hackers. Reach out today and book a completely free assessment, which includes an evaluation of any passwords your business uses. You’ll be happy you did.   

If you have questions or struggling with your IT environment, feel free to contact us for assistance at (815) 444-8701 or