5 surprising ways a hacker can get your password


We all know hackers can use suspicious email links, malware, phishing emails and other sophisticated technical hacks to breach your business’ security.

But there are other surprising ways you may not have thought of that hackers could get their hands on your password – and not all of them are very sophisticated.

Being aware of the techniques that hackers use to gain access can protect your business and prevent a potentially large security threat or data breach.

Here are five ways hackers can gain access to your passwords.

  1. Guessing

Weak or easily guessed passwords are more common than you may realise. A recent survey indicated that one in six of us use our pet’s name as our password. Around one in three of us also use the same password across all platforms.

Even though a string of different letters, numbers and symbols is the most secure method, many of us still use words or phrases related to ourselves or our family.

This creates the perfect conditions for hackers to guess words or phrases that may have been made available online on social media or other platforms.

Using a password manager may help with this problem – it will allow you to store complex passwords in one place, preventing the temptation to use memorable words.

  1. Shoulder surfing

A security threat that is often underestimated is ‘shoulder surfing’. This describes when a stranger looks over your shoulder at your device to steal personal information.

Working remotely in public spaces such as a café or restaurant may allow opportunist criminals to steal your credentials.

If someone watches you typing your username and password, they can easily take a note and remotely access files and data – which can have serious consequences for your business.

  1. Social engineering

Social engineering describes a technique used by hackers where they pretend to be a trusted source – such as an IT provider or technician.

They will then ask you for usernames and passwords to gain access to applications and servers to ‘help you’ – when they are stealing the credentials to launch an attack.

If someone asks you for credentials, get in contact with us.

  1. Spidering

The ‘spidering’ method used by hackers is a step above guessing. It involves the hacker getting know your business via your website, social media or other platforms that will familiarise themselves with you.

Based on this, they then guess passwords related to your business that employees may choose to use. For example, your business name, location or your sector.

Using a string of random symbols can eliminate the likelihood of this attack, as the password is then unrelated to your business.

  1. Extortion

This is an extreme method used by hackers, but unfortunately it can happen. This is where hackers will blackmail people into giving them information.

Hackers may threaten you and pretend to have personal information about you that they will forward to co-workers, family or friends if you do not part with the desired information.

This could be passwords to access secure data or confidential information about your business.

If you or your employees fall victim to this attack, or any others, you should alert an IT provider immediately to help resolve the issue.


You can also use multi-factor authentication for your credentials to keep them secure and away from hackers that may compromise your business.

If you have any questions or are concerned about your password security don’t hesitate to contact us.