If a hacker wants to hack your password, he may first of all take out all information about you like which is your favorite team, your girlfriend’s/boyfriend’s name, child name etc. whichever matters you most and you can remember easily. Then he creates dictionary of all those words and then tries it one by one against your account. If you want to prevent yourself from password guessing better never keep any guess-able password.
The most common mistake many people do is they never change default password of their accounts/devices. Even before guessing password a hacker may try default passwords only. He can get complete list of default password from www.defaultpassword.com .
Using Brute Force:
In this type of password hacking a hacker attempts to log-in with all possible combination of keys available on keyboard. This is very tedious task and a hacker may give up if he fails to crack that password for several days. Better keep long passwords with all type of characters mixed up in it.
An attacker can call as a person of importance or technical support asking for password. Social Engineering works because of human tendency to help and be kind. Whenever someone calls you for or as a technical help and as a person of importance better ask questions before you reveal sensitive information, remember world is not as good as you think. Your tendency to be kind and helpful to someone for no reason for your privacy may put you in serious trouble.
Rainbow table is dictionary of precompiled hashes of password. An attacker may try to compare hashes recovered from your system to the dictionary of precompiled hashes. If a match is found then that password will work against your account. A good password with characters, special symbols, letters and numbers can not be easily found in any dictionary and hence they will work defensively against hashes dictionary.
In this kind of password hacking an attacker creates a replica of site on which you have an account. Then anyhow he tries to make you click on link to that site and if you get fooled as it is the regular site that you visit and when you enter password he/she logs your password and even gets access to your original account. This is used for hacking email accounts, social networking accounts and even for stealing credit card numbers.
Sniffing Around Network:
Sniffing means capturing data that flows through network. Even if the attacker gets access to password hashes through network he/she can easily crack your password and if proper protection is not provided this password travel as plain text finally revealing your password to attacker without any effort.
Using Spy Software:
A spy software can not be only used to get key logs by can also be used by attacker to eye your networking habits, get complete access to your computer, download, move or delete files from your system and much more.