About Us

IT Services

Understanding IT

News & Events



Contact Us

  • Register

Capstone Works Blog

Capstone Works, Inc. has been serving the Cedar Park area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

How to Steal a Password in Three Easy Steps

How to Steal a Password in Three Easy Steps

For most people, the only thing protecting all of their personal data, their email, access to all of their online accounts, their bank, and more, is just a handful of characters. It’s estimated that there is about a 20% chance that any given account doesn’t have any sort of multi-factor security, so if you can figure out a person’s password, you might be able to gain access to whatever you want.

How to Hack Your Way Into Almost Any Account

Whether you are looking to steal a few grand from someone’s bank account, order yourself some furniture through someone else’s Amazon account, or just cause some trouble for a former employer, it’s probably easier than you think.

In fact, with a little bit of effort, you can likely accomplish it even if you aren’t very tech-savvy.

Let’s be serious; we’re not going to show you how to do it. Theft is immoral, unethical, and well, it’s also a crime.

But since we have your attention, it’s a good idea to understand just how easy it is for hackers and cybercriminals to break into your accounts, infiltrate your business network, and have their way with things. It’s all about finding the smallest little crack in your armor, and understanding a thing or two about human nature.

First, Try the Obvious Stuff

Most human beings are really bad at being random, and struggle to memorize complex strings of random characters. Most people also incorrectly assume that they aren’t worth targeting, so they think they can get a free pass from the password rules that everyone always preaches.

You can use this to your advantage. 

After analyzing over 18 million passwords, cybersecurity experts came up with a list of the most common passwords in the world. Here are the top 30:


1. 123456 11. abc123 21. princess
2. password 12. 1234 22. letmein
3. 123456789 13. password1 23. 654321
4. 12345 14. iloveyou 24. monkey
5. 12345678 15. 1q2w3e4r 25. 27653
6. qwerty 16. 000000 26. 1qaz2wsx
7. 1234567 17. qwerty123 27. 123321
8. 111111 18. zaq12wsx 28. qwertyuiop
9. 1234567890 19. dragon 29. superman
10. 123123 20. sunshine 30. asdfghjkl


If you are using a password like this, you should update all of your passwords immediately. Most cybercriminals have easy access to tools that are designed to brute force their way through logins. These tools work like this; they just start guessing your password. 

They make dozens or hundreds of attempts every minute, and they start with the obvious stuff first. If you have a longer, more complicated password that is using capital and lowercase letters, numbers, and symbols, then it would take the best of these tools weeks, months, or maybe even years to break into an account.

If those passwords don’t work, you can always just move on to the next step:

Second, Get to Know Your Victim

Some people wear their passions on their sleeves, or in some cases, on their social media. If you know a little about the person you are targeting, it’s easier to guess a password they might use. 

More than a third of American pet owners have used their pet’s name as part of a password. A whopping 59 percent of US adults use either their birthday or name in their password. Does your target have a vested interest in a particular sports team? What about a hobby? Look them up on social media and find out what their maiden name is, or the name of their kids—there’s a decent chance they use that information in their password.

When in doubt, if their dog’s name is Pooch, replace the O’s with zeroes and give it a try in a few permutations, or stick an exclamation point at the end of a password knowing your victim needed to meet the requirement to use a special character.

Does any of this feel a little too close to home for you? If we just started to debunk your password generation abilities, it’s definitely a good time to update to stronger passwords. All passwords should be at least 16 characters, and have a random mix of uppercase letters, lowercase letters, numbers, and special characters. 

Your special character usage shouldn’t just be an exclamation point at the end of the password too, that’s being lazy and one of the first things password-guessing software is going to try.

Third, Spend a Few Dollars on the Dark Web

The Dark Web is essentially the black market of the Internet. It can’t be reached by regular web browsers like Google Chrome, Microsoft Edge, and Firefox. Instead, you need to install specific software to get there. In some ways, the Dark Web is more secure than the regular Internet, because your access and usage is, more or less, anonymous. You aren’t jumping around public-facing servers, but instead connecting directly to a singular “Tor” network (which stands for The Onion Router, in case you were curious). That being said, the Dark Web is filled with both harmless content and dangerous illegal content. 

The Dark Web is used to peddle illicit goods, ranging from drugs to dangerous chemicals to illicit weapons to grotesque content. It’s also a marketplace of stolen information.

Whenever a big website or company suffers from a data breach, there’s a chance that the stolen information will be put up for sale on the Dark Web. That includes credit cards, Social Security numbers, bank accounts, username and passwords, medical information, and so much more.

The vast majority of American adults have stolen information on the Dark Web. In fact, it’s estimated that 9 out of 10 people have some form of information available for sale or download from the Dark Web. The Dark Web isn’t some fringe bar on the outskirts of town either; there are more than 8 million users registered on the top 10 most active forums on the Dark Web. It’s an active place.

When a major business gets breached, it can lead to millions of stolen records made available to purchase. Often, a “record” can include a person’s name, address, and other personal information. More expensive ones include financial information, and the most expensive ones typically contain healthcare information.

If you spend a little time looking, you can usually find a record of a person that includes a stolen password, like a Netflix or Facebook account that was hacked. These records can go for as little as a dollar or two. 

If you purchase a few records of a person with passwords, you might find one of two things:

  1. They use the same password across multiple accounts.
  2. They have a cute little pattern and use similar passwords across multiple accounts.

This is a common shortcut that most people make if they actually use a complex, secure password. Since it’s so hard to memorize a single password, they only make a few, or they make a little system around a complex password to help memorize them. For example, maybe the entire password is the same between multiple accounts, but the first letter is a capital that represents the site or service they are logging into (N for Netflix, G for Gmail, etc.).

Again, this is why you should always use complex passwords that are completely unique. Don’t ever use the same password on two different accounts, because if one of those accounts gets compromised, the other can too.

Take Your Passwords Seriously

It’s easy to fall victim to a data breach, because cybercriminals are getting more and more clever, and they have a wealth of tools at their disposal. We didn’t even get into how easy it is to simply ask a person for their credentials and get them that way.

We’ll cover this more in a future blog post, but it only takes a little effort and a few dollars to buy a domain name that’s similar to, say, a local bank, and send emails from that domain that look like legit emails from the bank. People tend to trust their bank, so they won’t think twice if their bank asks them to log into their account and check a problem. This doesn’t require any “hacking,” just a little time and effort.

That’s why we help businesses gain control over their sensitive data with strong cybersecurity best practices and staff training. Your staff are going to be the weakest part of your defense against cybercriminals, and the bad guys know it. Arming them with knowledge could help prevent future issues.

To get started and talk to one of our professional IT security experts, give us a call at (512) 343-8891 today.

AI is the New Secret Weapon for Cybersecurity
What is 2FA, and How Can Businesses Use it to Impr...
Comment for this post has been locked by admin.


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Wednesday, April 24, 2024

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Saving money Software IT Services Internet sports teams Remote Workers Privacy Data Privacy Day Small Business Microsoft Teams Broadband media accounts Cloud Computing COVID-19 Delightful Innovation SCAMS Productivity EMR right time Apple Technology New Year Clutch Managed Service Efficiency smart devices 2FA business continuity Remote best practices AutoCAD Gadgets January 28 Business continuity Passwords today Business Cybersecurity accounts need Network Security Quick Tips Security surge protection HIPAA Managed Services employees Architect IT UPS spam Ransomware IT support Business Continuity Recovery phishing Tech Support Cloud computing devices Content Filtering business owners 365 features Network managed IT Co-managed IT Data Recovery IT Support application employees download cybersecurity tools Malware Microsoft Microsoft Office 365 Microsoft Office Workplace Strategies File Folder Hardware cloud hackers IoT Current Events Data Hosted Solutions Password Servers password protection BDR Remote Work Cloud Communications Computer Users Tip of the Week Cyberattack Common password content Server Outsourced IT Two-Factor Authentication User Tips Vendor Compliance Health AWS comprehensive IT Saving Money Disaster Recovery Engineering VoIP Shadow Break/fit Social Media Disaster Planning Cloud services Email web application business Backup AI cybersecurity Managed IT Passwords high-threat environment Workplace Tips Communication Workplace Strategy Marketing Mobile Office Best Practices

Latest News & Events

Capstone Works is proud to announce the launch of our new website at https://www.capstoneworks.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our ser...

Contact Us

Learn more about what Capstone Works can do for your business.

Call Us Today
Call us today
(512) 882-2242

715 Discovery Blvd
Suite 511

Cedar Park, Texas 78613