Passwords are currently the most common authentication method used online today. While biometric alternatives are slowly gaining popularity, this is still not enough to replace passwords entirely. The primary objective of hackers is to try and retrieve your login credentials by using various password attacks.
The first of these attacks is a brute force attack – this method involves trying every possible combination of letter and number, sometimes including special characters, to try and identify your password.
The second method is named a dictionary attack – the attacker uses common dictionary words that have been compiled into a list to try and match a given password. The attacker can append or prepend numbers, special characters or even use “leet” conversion to replace o’s with 0’s, I’s with 1’s, S with $ and many other examples.
Of course, the strongest passwords are suddenly turned into the weak link after data breaches. That’s why it’s vital that you use a unique password across each service. For example, Yahoo announced two major data breaches affecting up to 1 billion users in 2013/14, and subsequently resulted in the credentials of these accounts being accessible on the internet. Even if your password is @C0mPL3telYUnbR3akable, this is irrelevant if this is the same password you use across all other websites with the same email address. Attackers are extremely efficient at testing for password re-use, and once your email address and password from the breach are identified, the attacker will test this across hundreds, if not thousands of services to attempt access.
If you are interested in finding out roughly how long it would take a hacker to determine your password using the methods mentioned above, you can test the strength of it at https://howsecureismypassword.net/