A password is one of the most important means of authentication for protecting users' privacy. Usernames and passwords are widely used for authentication by many computer systems, bank accounts, ATMs, websites, and databases.
These authenticated computer systems store lots of valuable information related to websites, bank details, government agencies, militaries, companies, and their users, employees, and many more.
Because this information is so valuable, companies spend thousands and thousands of dollars to secure it against any type of unauthorized and malicious action, generally carried out by hackers.
Information this valuable and important attracts lots of hackers.
Hackers try their best to get access to the computer and its database, but it is not an easy task: they have to find vulnerabilities and loopholes, and get access through a backdoor.

But let's assume the hackers get full access to a computer and its database, and they have all the information they want, such as users' usernames, emails, passwords, and addresses.
But wait, now the main challenge arrives, which is the users' passwords.
Users' passwords are encrypted, which means no one can read or understand them, not even the owners, managers, and employees of the companies and websites, until and unless they have been cracked.
So the main question is how hackers crack those passwords.


To understand how hackers crack a password, you have to know how a database works.
For this, let's assume that you are creating an account on Facebook. To create the account you have to give Facebook some information, such as your name, email, phone number, password, and address.
All the information you give is sent to and saved in the Facebook database, where it is later used for authentication when you log in to your account. The login authentication is done by comparing the username and password you enter with the username and password saved in the database.
Once the authentication is complete and the data you entered matches the information in the database, the website allows you to sign in successfully.
As I told you earlier, your password is not saved in plain text; it is saved as an encrypted hash. Hashing is a type of encryption that converts every plain-text password into a unique output.
The password is encrypted using one of many different hashing algorithms. Some of them are:
  • SHA1

  • MD5

  • SHA256


Bruteforce Attack

In this attack, the hacker creates and uses a specific type of tool that tries every possible password, using different combinations of letters, numbers, characters, etc., and compares each one with the password in a database or on a computer.
The only problem with a brute force attack is that it consumes lots of time, effort, and computing power, but the chances of cracking a password are much higher than with any other attack.

Dictionary Attack

In this attack, the hacker uses a wordlist that consists of the most common possible passwords. It works the same way as a brute force attack; the only difference is that brute force tries different combinations of letters, numbers, characters, etc. and compares them with the password in a database or on a computer, while a dictionary attack only uses a specific list of passwords, most of them common passwords, which are then compared with the password in the database.

Rainbow Table Attack

A rainbow table attack is the same as a dictionary attack; the only difference is that it uses a list of hashed passwords. The possible passwords, already in hashed form, are compared with the hashed passwords in the database, and if a match is found, the password is shown to you.

Hybrid Attack

This type of attack is also the same as the ones discussed above. The only thing that makes it different from all of the attacks above is that it uses random combinations of letters, words, numbers, and characters, and also replaces characters or appends and prepends them.

How Can You Protect Yourself From These Types Of Attacks

The answer to this question lies in your password strength. Some tips are:

  1. Increase your password length (ex. 12 to 18 characters)
  2. Increase your password strength by adding different characters. (ex. @!$&*()#)
  3. Do not use an easy and short password (ex. less than 10 characters)
  4. Do not use the same password everywhere
  5. Do not use passwords that consist of information related to you.
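
The tips above can be turned into an automated check that a signup form runs before accepting a password. The following is an added example, not code from the original article: it rejects passwords that a dictionary or hybrid attack would find quickly. The wordlist, the substitution table, the function names, and the "three character types" threshold are assumptions made for illustration. Tip 4 (password reuse) cannot be checked from a single password and is not covered.

```python
import re

# Constructed sample wordlist; a real check would load a large common-password list.
COMMON_WORDS = {"password", "qwerty", "letmein", "dragon", "welcome", "123456"}

# Illustrative (assumed) character substitutions that a hybrid attack undoes.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 12        # lower bound of tip 1 (12 to 18 characters)
MIN_CHAR_TYPES = 3     # assumed threshold for tip 2


def base_forms(password):
    """Return the simplified forms a dictionary or hybrid attack effectively tests."""
    lowered = password.lower()
    # Drop digits and symbols prepended or appended to a word.
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    forms = {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}
    return forms - {""}


def check_password(password, personal_info=()):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    char_types = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(p, password)) for p in char_types) < MIN_CHAR_TYPES:
        problems.append("too few character types")
    if base_forms(password) & COMMON_WORDS:
        problems.append("common password or simple variant")
    lowered = password.lower()
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, info in [("P@ssw0rd123!", ()), ("Alice1990!garden", ("Alice", "1990")),
                     ("river-Tangle7-qu1lt-moss", ())]:
        print(pw, "->", check_password(pw, info) or "ok")
```

Note that "P@ssw0rd123!" is long enough and uses four character types, yet it is still rejected because it reduces to a common word once the substitutions and the appended digits are removed.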