{"id":5210,"date":"2019-12-03T21:55:48","date_gmt":"2019-12-03T21:55:48","guid":{"rendered":"https:\/\/www.n-able.com\/?p=5210"},"modified":"2025-05-23T14:07:05","modified_gmt":"2025-05-23T13:07:05","slug":"password-stealing-101-common-methods-and-defenses","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/fr\/blog\/password-stealing-101-common-methods-and-defenses","title":{"rendered":"Password Stealing 101: Common Methods and Defenses"},"content":{"rendered":"<p>If you want to defeat a cybercriminal, you have to understand how they think. When you know the tools of their trade, you can learn defenses to help you fight back.<\/p>\n<p>Ultimately, most cybercriminals want to earn money from their misdeeds. While some may try to lock up data via ransomware or steal processing power via illicit cryptominers, many simply want to get into systems, steal data, and resell it on the <a href=\"https:\/\/www.n-able.com\/cyber-encyclopedia\/what-is-the-dark-web\"  data-wpil-monitor-id=\"38\">dark web<\/a>. Often, the first step involves getting access to user accounts via their usernames and passwords\u2014and cybercriminals have multiple ways of doing it.<\/p>\n<p>Today, I\u2019m covering three common methods cybercriminals use to get passwords from users\u2014and how you can fight back. This list certainly isn\u2019t exhaustive, but it\u2019ll explain some of the most common methods.<\/p>\n<h3><b>Brute-force attacks<\/b><\/h3>\n<p>Passwords are rarely stored in plaintext anymore. They\u2019re usually hashed using a one-way algorithm or encrypted using one or more encryption keys. Brute-force attacks attempt to get around hashed or encrypted passwords by trying multiple combinations to discover an encryption key or a password whose hash matches the stored one.<\/p>\n<p>Cybercriminals can decrypt passwords if they get the encryption key.
Brute-force attempts on encrypted passwords often involve trying to figure out the encryption key for the service, then using that knowledge to try username\/password combinations until they find a match. However, software vendors can take preventive steps to make encrypted passwords harder to decrypt. Steps include using multiple encryption keys, encrypting the password multiple times, and ensuring the account holder is the only one who knows at least one encryption key.<\/p>\n<p>You can\u2019t unhash hashed passwords. The algorithm used is one-way\u2014meaning you can\u2019t use the same algorithm to turn the password back into plaintext. Instead, when authenticating, services compare the hashed output of a user\u2019s password against a known hash in their database. To provide an incredibly oversimplified example, let\u2019s say your password is cat. When you put this into the service, the algorithm outputs H14c!. Each time you authenticate with cat, the application will run your input through the algorithm, then grant access if the output matches H14c!. If someone manages to steal the password database, they won\u2019t be able to use the algorithm to turn H14c! back into cat. Instead, they\u2019ll run a series of potential passwords through common hashing algorithms. If the hashes match, they know your password and can get into the intended service (and likely others if you\u2019re reusing passwords).<\/p>\n<p><em><b>Fighting back:<\/b>\u00a0<\/em>Regardless of whether your service uses encryption or hashing algorithms, the best way to fight back against brute-force password-cracking attempts is to use hard-to-guess passwords. Make sure they\u2019re lengthy, unique, and use a mix of capital and lowercase letters and special characters.<\/p>\n<h3><b>Credential stuffing<\/b><\/h3>\n<p>Credential stuffing involves taking previously breached data from one service and using it on another.
For example, if criminals breach a common social networking site and get a list of usernames and passwords, they can try these username\/password combinations on other common services as well. When they attempt this in bulk, they\u2019re bound to get hits on services that let them get even more sensitive information\u2014like payment info or health records.<\/p>\n<p><em><b>Fighting back:<\/b>\u00a0<\/em>Credential stuffing relies on the fact that people often reuse passwords to make them easier to remember. So make sure your employees and customers know to use unique passwords for every important service. Additionally, refresh passwords periodically to keep them from going stale. Resetting passwords frequently enough reduces the amount of time a breached password can be useful for credential stuffing.<\/p>\n<h3><b>Phishing and social engineering<\/b><\/h3>\n<p>Another common method of stealing passwords involves deception. People can often fall for a convincing (or even only slightly passable) scam. All it takes is someone clicking the wrong link in an email and entering their credentials into a convincing-looking fake website. And email isn\u2019t the only delivery method\u2014criminals often use social media links, SMS messages, or phone calls to trick people into giving up the goods.<\/p>\n<p><em><b>Prevention:<\/b><\/em>\u00a0There are several ways to reduce your risk. First, a good email security solution can help reduce the volume of spam and phishing attempts that land with your customers. However, this doesn\u2019t help with social- or phone-based attacks. For those, offer user training to teach people to recognize potential scams. Teach them common signs of a scam such as generic greetings, poor spelling or grammar, and fake website URLs. Also, make sure they know to\u00a0<i>never<\/i>\u00a0give out credentials unless they\u2019ve specifically requested communications such as a password reset or technical support from the sender.
This can be particularly important for phone-based scams. For example, if someone claiming to be from an online payment vendor attempts to contact a user, the user should hang up and dial the main line to verify the caller is from the company. Also, don\u2019t stop at one training session\u2014consider sending out frequent reminders of the basics of phishing and social engineering prevention to your customers. This helps customers stay alert to dangers\u2014but also reinforces the value you provide.<\/p>\n<h3><b>Enforcing password best practices<\/b><\/h3>\n<p>Despite your best efforts, humans are still fallible. Even IT and security professionals can fall into poor password practices from time to time. One of the best ways to protect credentials involves using a strong password management solution to help enforce password management best practices across your team.<\/p>\n<p>SolarWinds<sup>\u00ae<\/sup>\u00a0Passportal helps your team automatically generate strong, unique passwords while retaining efficient one-click access to the services they need to do their jobs. Additionally, you can easily grant and revoke access and force password resets as needed. Plus, we use robust encryption on all passwords to make them even harder for cybercriminals to crack. Learn more today at\u00a0<a class=\"ext\" href=\"https:\/\/www.passportalmsp.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">passportalmsp.com\/<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Passwords are one of the most commonly sought-after things for cybercriminals\u2014and they have multiple ways of getting them.
 We look at how you can protect yours.<\/p>\n","protected":false},"author":24,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"class_list":["post-5210","post","type-post","status-publish","format-standard","hentry","topic-security"],"acf":[],
"yoast_head_json":{"title":"Password Stealing 101: Common Methods and Defenses - N-able","description":"Passwords are one of the most commonly sought-after things for cybercriminals\u2014and they have multiple ways of getting them. We look at how you can protect yours.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.n-able.com\/fr\/blog\/password-stealing-101-common-methods-and-defenses","og_locale":"fr_FR","og_type":"article","og_title":"Password Stealing 101: Common Methods and Defenses - N-able","og_description":"Passwords are one of the most commonly sought-after things for cybercriminals\u2014and they have multiple ways of getting them. We look at how you can protect yours.","og_url":"https:\/\/www.n-able.com\/fr\/blog\/password-stealing-101-common-methods-and-defenses","og_site_name":"N-able","article_publisher":"https:\/\/www.facebook.com\/NableMSP","article_published_time":"2019-12-03T21:55:48+00:00","article_modified_time":"2025-05-23T13:07:05+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/03\/share-image.jpg","type":"image\/jpeg"}],"author":"N-able","twitter_card":"summary_large_image","twitter_creator":"@Nable","twitter_site":"@Nable","twitter_misc":{"\u00c9crit par":"N-able","Dur\u00e9e de lecture estim\u00e9e":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.n-able.com\/fr\/blog\/password-stealing-101-common-methods-and-defenses#article","isPartOf":{"@id":"https:\/\/www.n-able.com\/fr\/blog\/password-stealing-101-common-methods-and-defenses"},"author":{"name":"N-able","@id":"https:\/\/www.n-able.com\/fr#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b"},"headline":"Password Stealing 101: Common Methods and 
Defenses","datePublished":"2019-12-03T21:55:48+00:00","dateModified":"2025-05-23T13:07:05+00:00","mainEntityOfPage":{"@id":"https:\/\/www.n-able.com\/fr\/blog\/password-stealing-101-common-methods-and-defenses"},"wordCount":978,"publisher":{"@id":"https:\/\/www.n-able.com\/fr#organization"},"articleSection":["Security"],"inLanguage":"fr-FR"},{"@type":"WebPage","@id":"https:\/\/www.n-able.com\/fr\/blog\/password-stealing-101-common-methods-and-defenses","url":"https:\/\/www.n-able.com\/fr\/blog\/password-stealing-101-common-methods-and-defenses","name":"Password Stealing 101: Common Methods and Defenses - N-able","isPartOf":{"@id":"https:\/\/www.n-able.com\/fr#website"},"datePublished":"2019-12-03T21:55:48+00:00","dateModified":"2025-05-23T13:07:05+00:00","description":"Passwords are one of the most commonly sought-after things for cybercriminals\u2014and they have multiple ways of getting them. We look at how you can protect yours.","breadcrumb":{"@id":"https:\/\/www.n-able.com\/fr\/blog\/password-stealing-101-common-methods-and-defenses#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.n-able.com\/fr\/blog\/password-stealing-101-common-methods-and-defenses"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.n-able.com\/fr\/blog\/password-stealing-101-common-methods-and-defenses#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Security","item":"https:\/\/www.n-able.com\/fr\/blog\/category\/security"},{"@type":"ListItem","position":2,"name":"Password Stealing 101: Common Methods and 
Defenses"}]},{"@type":"WebSite","@id":"https:\/\/www.n-able.com\/fr#website","url":"https:\/\/www.n-able.com\/fr","name":"N-able","description":"","publisher":{"@id":"https:\/\/www.n-able.com\/fr#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.n-able.com\/fr?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/www.n-able.com\/fr#organization","name":"N-able","url":"https:\/\/www.n-able.com\/fr","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.n-able.com\/fr#\/schema\/logo\/image\/","url":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","contentUrl":"https:\/\/www.n-able.com\/wp-content\/uploads\/2021\/02\/logo-n-able-vertical-dark.svg","width":"1024","height":"1024","caption":"N-able"},"image":{"@id":"https:\/\/www.n-able.com\/fr#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/NableMSP","https:\/\/x.com\/Nable","https:\/\/www.linkedin.com\/company\/n-able","https:\/\/www.youtube.com\/channel\/UClnp77HHg4aME-S-3fWQhFw"]},{"@type":"Person","@id":"https:\/\/www.n-able.com\/fr#\/schema\/person\/f46a000e389b6d02bd4b3866e7828a7b","name":"N-able","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e9c468b7c98137ecdd5508befa660c205a7978133257080a37fb0b1362d53411?s=96&d=mm&r=g","caption":"N-able"}}]}},"_links":{"self":[{"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/posts\/5210","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2
\/posts"}],"about":[{"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/users\/24"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/comments?post=5210"}],"version-history":[{"count":0,"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/posts\/5210\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.n-able.com\/fr\/wp-json\/wp\/v2\/media?parent=5210"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}