The Most Common Tricks Hackers Use to Hack Passwords

Written by: DESTINY IDIKA

Published 2 Years Ago On Monday, April 25, 2022
Updated 2 Years Ago On Tuesday, April 26, 2022



Hacking is all about gaining access to one thing: your password. If your password is short and simple, and someone is able to guess it correctly using some very common techniques or even supercomputers, it's game over. They'll just log in to the target account and impersonate you.

There are eight common tactics or tricks hackers use to hack your password, whether it is for Facebook, Twitter, WhatsApp, etc.

1. Dictionary Attack


First up in the eight most common password hacking tricks is the dictionary attack. Why is it called a dictionary attack? Because it automatically tries every word in a defined "dictionary" against the password. This dictionary is actually a small file containing the most commonly used password combinations. That includes 123456, qwerty, password, iloveyou, and the all-time classic, hunter2. The above table details the most leaked passwords in 2016, whereas the table below details the most leaked passwords in 2020.


Pros: Fast; will usually unlock some woefully protected accounts.

Cons: Even slightly stronger passwords will remain secure.

Stay safe: Use a strong single-use password for each of your accounts. This password should never contain any part of your name, and it shouldn't be your phone number or any of the well-known passwords.

2. Brute Force Attack


In a brute force attack, an attacker tries every possible character combination. A brute force attack will also try the most commonly used alphanumeric character combinations first. These include the previously listed passwords, as well as 1q2w3e4r5t, zxcvbnm, and qwertyuiop. It can take a very long time to figure out a password using this method, but that depends entirely on the complexity of the password.

Pros: Theoretically, it will crack any password by way of trying every combination.

Cons: Depending on password length and difficulty, it could take an extremely long time, such as 100,000 years, to crack a strong password. This is more like an impossible mission.

Stay safe: Use a strong single-use password for each account. This password should be a combination of uppercase letters, lowercase letters, numbers and special characters. In addition, this password should be at least 8 characters long. Examples of strong passwords: DestroTech!@2020, 12QueeN34~=, $$DollarMan1845
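The dictionary and brute force sections above translate into a check a site can run when a user picks a new password. The following is an added example, not code from the original article: the blocklist is built from the passwords the article names, and the guess rate is an assumed figure used only for the time estimate.

```python
import math
import string

# Constructed blocklist: the common passwords this article names.
COMMON_PASSWORDS = {"123456", "qwerty", "password", "iloveyou", "hunter2",
                    "1q2w3e4r5t", "zxcvbnm", "qwertyuiop"}
# Assumption: attacker guess rate, used only for the time estimate.
ASSUMED_GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365 * 24 * 3600
# Character classes the article asks for, with the pool each contributes.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}


def classes_used(password):
    """Names of the character classes present in the password."""
    return [name for name, chars in CLASSES.items()
            if any(c in chars for c in password)]


def search_space_bits(password):
    """log2 of the candidates a brute force must cover at this length and pool.
    Characters outside the four ASCII classes are not counted."""
    pool = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(pool) if pool else 0.0


def worst_case_years(password):
    """Years to exhaust that space at the assumed guess rate."""
    guesses = 2 ** search_space_bits(password)
    return guesses / ASSUMED_GUESSES_PER_SECOND / SECONDS_PER_YEAR


def screen_password(password, min_length=8):
    """Reasons to reject a new password; an empty list means accept."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("common password")
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    used = classes_used(password)
    problems += ["no %s character" % n for n in CLASSES if n not in used]
    return problems


if __name__ == "__main__":
    for pw in ("hunter2", "qwertyuiop", "DestroTech!@2020"):
        print(pw, screen_password(pw), "%.3g years" % worst_case_years(pw))
```

The time estimate is an upper bound that assumes every character was chosen at random; a password built from words, names or years is found by dictionary-style guessing long before the full space is exhausted.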

3. Phishing Attack

This isn't strictly a "hack," but it is the act of falling prey to a phishing or spear-phishing attempt by a hacker or cyber criminal. See Major Types of Phishing Attacks scammers use to fool their victims.


The above image illustrates one of the major ways Facebook accounts are stolen. Be very watchful of the web links you click. Verify the legitimacy of a website before you enter your login details into it.

A phishing email generally works like this:

  1. Target user receives a spoofed email purporting to be from a major organization or business.
  2. Spoofed email demands immediate attention, featuring a link to a website.
  3. This link actually connects to a fake login portal, mocked up to appear exactly the same as the legitimate site.
  4. The unsuspecting target user enters their login credentials and is either redirected or told to try again.
  5. User credentials are stolen, sold, or used nefariously (or both).

4. Social Engineering Attack



In the realm of security, social engineering is the act of manipulating people to steal private information from them, or to make them give up such confidential details. Social engineering relies on taking advantage of human nature, which is usually the weakest link in an otherwise strong system. See What Is Social Engineering | Types of Social Engineering.

The scary thing about Social Engineering is how often it works. This attack won't always ask directly for a password. It could be a fake plumber or electrician asking for entry to a secured building. When someone says they were tricked into revealing their password, it is often the result of social engineering. 

Skilled social engineers can extract high-value information from a range of targets. It can be deployed against almost anyone, anywhere. It's extremely stealthy.

Stay safe: This is a tricky one. A successful social engineering attack will be complete by the time you realize anything is wrong. Education and security awareness are a core mitigation tactic. Avoid posting personal information that could later be used against you. Privacy is gold!

5. Rainbow Table Attack

A rainbow table is usually an offline password attack. For example, an attacker has acquired a list of user names and passwords, but they're encrypted. This means each one looks completely different from the original password. For instance, your password is Admin1000. The known MD5 hash for this password may be "238f4047e3233b39e4444e1aef240e80aa".

This is where the rainbow table comes into its own. Instead of having to process hundreds of thousands of potential passwords and matching their resulting hash, a rainbow table is a huge set of precomputed algorithm-specific hash values. Using a rainbow table drastically decreases the time it takes to crack a hashed password—but it isn't perfect. Hackers can purchase prefilled rainbow tables populated with millions of potential combinations.

Pros: Can figure out complex passwords in a short amount of time (unlike a brute force attack); grants the hacker a lot of power over certain security scenarios.

Cons: Requires a huge amount of space to store the enormous (sometimes terabytes) rainbow table. Also, attackers are limited to the values contained in the table (otherwise, they must add another entire table).

Stay safe: Another tricky one. Rainbow tables offer a wide range of attacking potential. Avoid any sites that use SHA1 or MD5 as their password hashing algorithm. Avoid any sites that limit you to short passwords or restrict the characters you can use. Always use a complex password.
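From the side of a site that stores passwords, the defence against precomputed tables is a per-user random salt combined with a deliberately slow hash. The following is an added example, not code from the original article: the user names and passwords are constructed, the iteration count is an assumed value, and a plain lookup dictionary stands in for a real rainbow table.

```python
import hashlib
import hmac
import os

# Assumption: iteration count chosen for this example; tune to your hardware.
PBKDF2_ITERATIONS = 600_000


def md5_hex(password):
    """Unsalted fast hash, the storage scheme the article warns against."""
    return hashlib.md5(password.encode()).hexdigest()


def build_lookup(candidates):
    """Precompute hash -> password once. A real rainbow table compresses this
    with hash chains; a plain dict is enough to show the weakness."""
    return {md5_hex(word): word for word in candidates}


def hash_password(password, salt=None):
    """Salted, deliberately slow hash. Returns (salt, digest) to store."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                 PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password, salt, stored_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)


def demo():
    # Constructed data: two users who picked the same password.
    leaked_md5 = {"alice": md5_hex("iloveyou"), "bob": md5_hex("iloveyou")}
    table = build_lookup(["123456", "qwerty", "iloveyou"])
    recovered = {user: table.get(h) for user, h in leaked_md5.items()}

    salt_a, digest_a = hash_password("iloveyou")
    salt_b, digest_b = hash_password("iloveyou")
    return {
        "md5_identical": leaked_md5["alice"] == leaked_md5["bob"],
        "md5_recovered": recovered,
        "salted_identical": digest_a == digest_b,
        "salted_verifies": verify_password("iloveyou", salt_a, digest_a),
        "salted_rejects_wrong": not verify_password("hunter2", salt_b, digest_b),
    }
```

With unsalted MD5 both users share one hash and a single precomputed entry reveals both passwords; with a random salt the two stored digests differ, so a table computed in advance matches neither. A salt does not rescue a weak password, which can still be guessed one candidate at a time.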

6. Malware Attack

The use of malware by a hacker is another sure way to lose your login credentials. Malware is everywhere, with the potential to do massive damage. If the malware variant features a keylogger, you could find all of your accounts compromised.

Alternatively, the malware could specifically target private data or introduce a remote access Trojan to steal your credentials. It can go undetected, allowing further harvesting of private data and login credentials. This is very dangerous if executed effectively!

Stay safe: Install and regularly update your antivirus and antimalware software. Carefully consider your download sources. Do not click through installation packages containing bundleware and more. Steer clear of nefarious sites. Use script blocking tools to stop all malicious scripts from executing automatically on your computers and servers.

7. Spidering

Spidering ties into the dictionary attack. If a hacker targets a specific institution or business, they might try a series of passwords relating to the business itself. The hacker could read and collate a series of related terms—or use a search spider to do the work for them.

You might have heard the term "spider" before. These search spiders are extremely similar to those that crawl through the internet, indexing content for search engines. The custom word list is then used against user accounts in the hope of finding a match.

Stay safe: Again, only use strong passwords made up of random strings, with nothing linking to your person, business, organization, etc.

8. Shoulder Surfing

This is one of the most basic hacking tricks. What if someone just looks over your shoulder while you're typing in your password or entering your debit card PIN at a typical ATM machine?

Shoulder surfing sounds a little ridiculous, but it does happen. If you're working in a busy environment and not paying attention to your surroundings, someone could get close enough to note your password/PIN as you type.

Stay safe: Remain observant of those around you when typing your password/PIN. Cover your keyboard and obscure your keys during input.

Never Forget to Always Use a Strong, Unique and Single-Use Password

So, how do you stop a hacker from stealing your password? The really short answer is that you cannot truly be 100 percent safe and secure. The tools hackers use to steal your data are changing all the time. However, using a strong, unique, single-use password will go a long way to keep you safe.

NB: Single-use means avoiding the use of the same password in almost all your accounts (Facebook, Twitter, Gmail, etc.).





Thanks for reading


