There are several ways in which passwords can be stolen by attackers. The method used can vary. A hacker might analyze the expertise and equipment that they have to ascertain which method they are going to use.
Brute force attacks: This is the most common way we are all familiar with. Hackers use trial and error using the information they might have gathered about users to get into their account. Now, there are sophisticated systems which can run tens of password through your account every minute until one fits the bill,
Shoulder surfing: This is exactly what the name indicates. Hackers can be spying over your shoulder and observing as you enter your password. Once they’ve seen it, reentering it is the easy part,
Keyloggers: This is a virus which can sit deep within your system, undetected. Its purpose is to log every keystroke being made on the system henceforth. Using the key logs and a little bit of common sense, hackers can figure out when and where a password is entered
The angle of tilt on your phone: Believe or not but according to the cyber specialists at Newcastle University, this is entirely possible. All you have to do is enter a fake website created by a hacker. Now your phone and its physical activity are being monitored using the gyroscope and other sensors embedded in the device.
There are no permissions required to carry our said act. The research found that using this method it is possible to crack a 4-digit PIN with 70% accuracy.
There are many other ways in which a password might be hacked. This can include spidering where the virus just crawls into the system and picks up vital information. This method is more commonly used for corporate identities and to hack Wi-Fi networks.
Man in the Middle
Man in the middle is one of the most common and talked about cyber-attacks. Hackers have the ability to intercept communications between two parties and insert themselves in the middle to get a hold of private information which might be shared across the platform.
There are numerous ways in which a hacker can put themselves in between the communication channel. They can design legitimate looking webpages which ask for certain information.
Also, through false impersonation of the other person, you can be asked to fill in a survey or other instruments which gives out your personal information for different purposes.
