A password attack is when a hacker attempts to guess or steal your password in order to access one or more of your online accounts. It’s one of the most common hacking attempts and can cause a lot of problems if someone accesses your bank or other sensitive accounts. While you can’t prevent all hacking attempts, you can make it much harder for hackers to get your information. By setting strong passwords and monitoring all your online accounts, you can stop hackers before they steal any of your information.

Method 1 of 3:

Setting Strong Passwords

  1.
    Change all the default passwords that come with your accounts. Most hardware and software comes with a default password to set up your account. Hackers sometimes acquire a list of default passwords and use them to hack any accounts still using that password. Always change default passwords as soon as you set up an account to prevent this type of hacking.[1]
    • If you forget your password, you might receive a temporary password to unlock your account. Change this password right away too, because it comes with the same risk.
  2.
    Pick an uncommon password that’s difficult to guess. "Brute force" and "dictionary" hacking attempts are when hackers try to guess passwords based on lists of the most common password choices and common dictionary words. Prevent this by making passwords that are hard to guess. Use random letter, word, symbol, and number combinations so your passwords aren’t at risk of a brute force attack.[2]
    • One of the most common passwords is still “password,” plus a simple combination of characters like 1234. Don’t make this your password choice. Use something random like 46f#d!p? (but don't use that one, because it's now published online and someone could guess it).
    • Don’t use information unique to yourself, like your birthday or name. These passwords are easy to guess if hackers monitor your social media accounts or online presence.
    • If you use numbers, put them in a random order. Don’t make them a specific year or date, like 1999. Instead, use 7937, for example.
    • Some websites are now requiring users to create a strong, unique password before their account is approved. This is to prevent hacking.
  3.
    Use different passwords for all your accounts. If you use the same password on multiple accounts, then a hacker could access all of them if they only crack one password.[3] This is called a credential stuffing attack, because hackers will try to use the credentials that they already know on your other accounts. Create a strong, unique password for every account you have online. This prevents hackers from accessing multiple accounts if they guess one of your passwords.[4]
    • Also don't make the passwords for different accounts very similar to each other. For example, don't use ozmy1 on one account and then ozmy2 on another. This is an obvious change that a hacker could guess.
    • It’s much easier to fix a hack on one account than multiple ones. You can just delete that account or change the username and password if someone gains access. If you use the same login information across many accounts, you’ll have to do this dozens of times.
    • Also secure your smartphone with a password, as well as all sensitive apps on it like your banking app. This prevents people from accessing your information if you lose your phone.
  4.
    Change your passwords if you think they’ve been compromised.[5] If you forgot to sign out of a computer, let anyone use your account, saw someone looking over your shoulder as you were working, or did anything else that could lead someone to access your password, change it right away. Remember to replace your password with another strong one, with a long string of letters, numbers, and symbols that are difficult to guess.[6]
    • Older advice said that people should change their passwords regularly every few months. Professionals no longer recommend this because people who change their passwords often tend to pick weaker ones to help them remember. It’s much better to pick a strong password and stick with it.
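The password rules in this method can be checked automatically. The following is an added example, not part of the original article: the function names, the small sample list, the year pattern, and the 0.75 similarity threshold are all assumptions chosen for illustration.

```python
import re
import secrets
import string
from difflib import SequenceMatcher

# Constructed sample list; a real check would use a large list of leaked passwords.
# "46f#d!p?" is included because the article published it.
KNOWN_PASSWORDS = {"password", "1234", "password1234", "qwerty", "46f#d!p?"}

def check_password(candidate, personal_info=(), other_passwords=()):
    """Return the reasons a candidate is weak; an empty list means it passes."""
    problems = []
    lowered = candidate.lower()
    if lowered in KNOWN_PASSWORDS:
        problems.append("on a known-password list")
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    # A four-digit run that reads as a year, such as 1999.
    if re.search(r"(?<!\d)(19|20)\d{2}(?!\d)", candidate):
        problems.append("contains a year-like number")
    # Near-duplicates of a password used elsewhere, such as ozmy1 and ozmy2.
    if any(SequenceMatcher(None, lowered, other.lower()).ratio() >= 0.75
           for other in other_passwords):
        problems.append("too similar to another account's password")
    return problems

def generate_password(length=16):
    """Draw random characters with a CSPRNG until the result passes the checks."""
    alphabet = string.ascii_letters + string.digits + "!#$%&?@"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate

if __name__ == "__main__":
    print(check_password("alex1999", personal_info=["Alex"]))
    print(check_password("ozmy2", other_passwords=["ozmy1"]))
    print(generate_password())
```
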
Method 2 of 3:

Securing Your Accounts

  1.
    Enable two-factor authentication on all your accounts. Two-factor authentication requires you to verify your sign-ins with a text message, email, or phone call. This makes it difficult for hackers to access your accounts if they don’t also have access to your phone or email address. Enable this option on every account that allows it so your online presence is more secure.[7]
    • If you receive a text or email with an authentication code when you aren’t trying to sign in, then someone could be trying to access your account. Change your password right away and contact that company to see if someone hacked your account.
    • Remember to secure your social media accounts as well. Hackers sometimes start by cracking these accounts to get more information about you.
  2.
    Set your accounts to lock after a certain number of failed attempts. This locks your account down and prevents further login attempts until you unlock it. It deters people who are trying to guess your password. Check the settings of your online accounts and see if they have an adjustable locking option. Set your accounts to lock after a set number of attempts.[8]
    • Many accounts do this by default already. You may be able to adjust the number of attempts up or down if you want to.
    • Make sure you remember your passwords if you use this option. It’ll be inconvenient to keep unlocking your accounts if you forget your password.
  3.
    Clear out your cache to remove any stored passwords or information. Your web browser might be storing passwords or other information without you knowing. If someone gains access to your browser, they could then view your history. Go to your web browser settings and select “delete cache” or “delete history” to clear out the browser. Do this every few months to get rid of stored information.[9]
    • The exact process to clear cache and cookies differs between web browsers. In Chrome, the option is under "Tools" and then "Clear browsing data." In Firefox, the option is under "Options" and then "Privacy and Security."
    • Clear out the cache on your smartphone web browser as well. Smartphones are usually more secure than computers, but could still be hacked if you click on a phishing link.
    • Deleting cookies is similar to clearing the cache. Look for this option on your browser as well.
  4.
    Avoid saving passwords on your computer or websites. Many websites give you the option of saving your password for easy sign-ins in the future. Do not accept this option. If someone gains access to your computer, either remotely through a hacking attempt or physically if you leave your computer somewhere, they can sign in to your accounts using your stored passwords. Instead, type in your password every time you log in. Deleting your cache should clear any passwords you saved in the past.[10]
    • Hackers can gain remote access to your device if you click on a suspicious link that transfers malware to your computer.
    • Don’t leave passwords stored in a file on your computer either. Hackers could read your files if they gain remote access. If you do this, at least put the file in a password-secured folder.
    • To remember your passwords, store them off of your computer for more security. Write them down in a notebook that you keep in your desk, for example. That way, hackers can’t access them.[11]
  5.
    Wait until you're home to log in to sensitive accounts. If you use a computer at your school, library, or office, others can use that computer as well. Don’t sign in to accounts with sensitive information, like your banking, utility, or brokerage accounts. Wait until you’re home to view these accounts.[12]
    • Use caution if you’re using your personal laptop on a public WiFi network as well. Hackers can monitor these networks. Don’t do any banking or send sensitive information on public networks.
    • If you're on your phone, use your data instead of the public WiFi network. This is more secure and harder to hack.
    • Always make sure you sign out of all your accounts on a public computer and don’t save any passwords. For extra security, delete the browser cache every time you finish using it.
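The account lock described in step 2 of this method works roughly as follows on the service's side. This is an added sketch, not part of the original article and not any particular service's implementation: the class, the threshold of 3, and the sample sign-in events are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class LockoutPolicy:
    max_attempts: int = 3                      # assumed threshold; services pick their own
    failures: dict = field(default_factory=dict)
    locked: set = field(default_factory=set)

    def attempt(self, account, password_ok):
        """Record one sign-in attempt and return 'ok', 'failed' or 'locked'."""
        if account in self.locked:
            return "locked"                    # even the correct password is refused
        if password_ok:
            self.failures.pop(account, None)   # a successful sign-in resets the count
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        if self.failures[account] >= self.max_attempts:
            self.locked.add(account)
            return "locked"
        return "failed"

    def unlock(self, account):
        """The owner unlocks the account, which also clears the failure count."""
        self.locked.discard(account)
        self.failures.pop(account, None)

# Constructed sample events: (account, whether the password was correct).
EVENTS = [
    ("alice", False), ("alice", True),
    ("bob", False), ("bob", False), ("bob", False),
    ("bob", True),
    ("alice", False),
]

def replay(events, max_attempts=3):
    """Run the events through a fresh policy and return each outcome in order."""
    policy = LockoutPolicy(max_attempts=max_attempts)
    return [policy.attempt(account, ok) for account, ok in events]

if __name__ == "__main__":
    for event, outcome in zip(EVENTS, replay(EVENTS)):
        print(event, "->", outcome)
```

Once the third wrong guess locks the account, the next attempt is refused even though the password is correct, which is why the lock stops guessing and also why a forgotten password becomes inconvenient.
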
Method 3 of 3:

Stopping Password-Stealing Malware

  1.
    Run virus scans regularly to remove any password-recording malware. Some types of malware, particularly trojans, hide in your computer and monitor your activity to steal passwords. This is called a keylogger attack, because it logs your keystrokes to determine your usernames and passwords. Run a full virus scan every few weeks to remove any programs that could be tracking your activity.[13]
    • Most antivirus programs run regular scans as part of their default setting. If yours doesn’t scan on its own, remember to run a full scan monthly.
    • Keep your antivirus software up to date. Download all the latest updates so it’s prepared to remove any new malware.
  2.
    Confirm the developer of any app you download. Hackers sometimes clone apps to trick people into downloading them. They then use that app to gain access to accounts on that device. These suspicious apps usually show a different developer than the developer of the main apps, so search for the legitimate developer of any app you’re looking to download. If the app in the store shows a different developer, don’t download it.[14]
    • Report any suspicious apps you see to the app store to have them removed.
  3.
    Avoid inserting any unknown storage devices into your computer. Thumb drives or hard drives could also transfer password-stealing and keylogging malware to your computer. Only plug your own devices into your computer, or devices from someone you trust. If you find one that looks abandoned, don’t take it and use it. It could be a malware device.[15]
    • Also avoid buying used storage devices or hard drives. Get new ones so they’re clear of malware.
  4.
    Identify phishing emails so you don’t click on mysterious links. Phishing emails usually contain links that you’d click. When you click, the email transfers malware to your computer to obtain information. Some of these emails are getting hard to spot, so it’s good practice to avoid clicking any links or files that come from senders you don’t recognize.[16]
    • Some telltale phishing signs are grammatical errors, strange words or terminology that the organization doesn’t usually use, or logos and trademarks being in the wrong spot.
    • A common phishing trick is making an email look like it comes from an organization you have an account with, like your bank. Check the email details to see the address that it came from. If it’s a different email address than the organization usually uses, don’t click anything in the email.
    • If you do click on a mysterious link, run a virus scan right away. Then change your passwords to prevent anyone from accessing your accounts.

Community Q&A

  • Question
    What is a good way to save passwords?
    Luigi Oppido
    Computer & Tech Specialist
    Luigi Oppido is the Owner and Operator of Pleasure Point Computers in Santa Cruz, California. Luigi has over 25 years of experience in general computer repair, data recovery, virus removal, and upgrades. He is also the host of the Computer Man Show! broadcasted on KSQD covering central California for over two years.
    Expert Answer
    You can either save your passwords using a password manager, like LastPass or 1Password, or you can write your passwords down in a notebook. If you use a notebook, make sure you keep it in a secure place, like a safe.
  • Question
    What do I do if my password is compromised?
    Luigi Oppido
    Expert Answer
    Change your password if you think it's compromised. You might also change your passwords on other accounts if the password is the same or the accounts are linked.
  • Question
    Is it bad to have the same password for everything?
    Luigi Oppido
    Expert Answer
    Yes, it's not a good idea to use the same password for all of your accounts because it makes it easier for people to hack you. Make sure you use a different password for each account.

About This Article

This article was co-authored by Luigi Oppido. Luigi Oppido is the Owner and Operator of Pleasure Point Computers in Santa Cruz, California. Luigi has over 25 years of experience in general computer repair, data recovery, virus removal, and upgrades. He is also the host of the Computer Man Show! broadcasted on KSQD covering central California for over two years. This article has been viewed 10,976 times.
Co-authors: 3
Updated: September 22, 2020
Views: 10,976