top of page
  • Writer's pictureSara Millis

Password Attack or Password Cracking: What is it, how bad is it and how you prevent it

Updated: Nov 18, 2022

Cyberattacks have been on the rise since Covid-19 and password attacks or Password Cracking is one of the biggest problems businesses face. In this blog article, we will be looking at the types of attacks you might face and how to deal with them.

Don’t forget this is part of our series of cybercrime informational blogs!

word password as text among 1s and 0s on a green background

What is a Password Attack or Password Cracking?

Password Cracking (or password hacking) is a hacker's attempt at determining password information. Hackers often use automated password cracker software developed to make estimated access attempts through programmed techniques and variables.

Once a password attack is successful the cybercriminal (threat actors, as we call them) can steal login credentials to use these to access your accounts and their sensitive data. They can also use this information to attempt entry to other accounts they know you might have.

In business, threat actors are likely to strike at systems administrator accounts. Gaining access here will allow the hackers to enter your entire network, its systems, files and other sensitive data (like domain access or databases). They may even use employee details to extend their search for spoils to your suppliers and client networks.

How common are Password Attacks or Password Cracking?

It’s thought that 61% of data breaches were a result of Password Cracking, so it is likely that at some point, on one of your devices you will notice an attempt to log into an app, or account that wasn’t you.

Types of password cracking attacks

Here are some of the attack types that we think you should be on the lookout for. These include:

  1. Phishing - phishing is an email, text, or social media DM that poses as a legitimate form of contact (sometimes from a known brand, or even an internal staff member), which includes either a malware-infected download, attachment or a link to an infected site. Once opened and engaged, the malware downloads to your device and starts its programmed attack. You can read our full guide to phishing attacks here.

  2. Man-in-the-middle attack (MitM) - this is an attack where the hacker sits between you and another contact or system to decipher and gain access to the information you share. You can read our full guide to MitM attacks here.

  3. Brute force attack - cybercriminals use software designed to attempt trillions of password and user combinations in a handful of seconds. Brute force on very simple passwords will likely gain threat actors easy access.

  4. Dictionary attack - hackers have created password-cracking dictionaries over time and often share these to bring extra strength to their password-tracking software. The idea of these dictionaries is to store ‘common words’ and combinations users might use to create their login credentials. Over time these dictionaries have become much more personalised, by grabbing individual details and information on things like pet names, or birthplaces.

  5. Credential stuffing - if you’ve been hacked in the past, then you could be hit again and this is where credential stuffing comes in. Threat actors will likely attempt previous passwords on the off chance you didn’t update your credentials from the last attack.

  6. Keyloggers - these are malware designed to track keystrokes, to determine passwords for software logins.

How damaging is a Password Attack?

IBM reported that in 2021 a staggering $4.37 million was lost in compromised credential attacks, but the true costs are likely much bigger.


Because other forms of attack, like phishing, rely on users giving up their data (including passwords) this isn’t accounted for in these figures. It has its own tally of $4.65 million!

Then there are Ransomware attacks.

Beyond this, there is a cost in downtime after an attack, the time to reset passwords and system security.

A loss in productivity and delays in sales and service deliverables are also worth quantifying.

Then of course there is reputational damage if a MitM attack leaves a client or supplier open to risk. That might be much harder to calculate but would certainly cause greater long-term damage.

How to prevent a Password Attack or Password Cracking?

If we consider that over 90% of passwords are classed as vulnerable to attack it’s time to rethink how we as businesses secure entry to our digital worlds.

We wrote a full guide to securing your passwords. We recommend reading that to make sure you have the protection you need.

To summarise our recommendations:

  1. Choose stronger passwords with a bigger combination of upper and lowercase letters, numbers and symbols

  2. Avoid using common words, or recognisable letter combinations that make common words at all

  3. Do not use the same password twice

  4. Change your password regularly

  5. Use a password manager that has 2-factor authentication

We also recommend that you focus a portion of your staff’s cybersecurity training on credentials. Make sure to cover set-up, business guidelines, data sharing and flagging potential hacks. This will likely reduce an attack's effectiveness.

On top of this, you need to invest in good antivirus software and have your in-house team regularly scan for potential threats.

Need help protecting your business against a Password Attack or Password Cracking?

Honestly, the last thing you need in your business right now is a password attack. Frankly, you have other concerns, like the possibility of a pending recession. Unfortunately, hackers are opportunistic and this is exactly the time when they are going to ramp up attacks - when you are focused elsewhere in your business.

Outsourcing your cybersecurity to IT experts will banish these worries from your business!

If you are in the Soho London area contact us today and let us handle all your IT support needs.


bottom of page