
What you need to know about targeted online guessing

(Image credit: Balefire / Shutterstock)

When you think of hacking or security breaches, you probably imagine someone working hard to bypass firewalls by typing long lines of code. But one of the most common forms of hacking is little more than a guessing game.

It’s called “targeted online guessing.” It’s when a criminal or identity thief tries to guess a password for an account. This is made easier for them by information they’ve already collected elsewhere, like birthdays or anniversaries, addresses and more.

Security experts actually believe this form of hacking is a severely underestimated threat. Nevertheless, you can keep yourself more secure by avoiding simple mistakes, like reusing a password or using easily recognisable personal information in yours.

One of the simplest ways a hacker can guess a password is if you reuse it across several platforms or accounts. You’d be surprised how many people actually do this. An estimated 15 to 60 per cent of users are too lazy to change passwords and reuse them.

If you reuse a password multiple times, just a single data breach can put nearly all your accounts and data at risk. Hackers already know a lot of people reuse passwords and information, which is exactly why targeted online guessing is so lucrative.

So how can you protect yourself? Here’s what you need to know.

Get better passwords

The best defence against targeted guessing is to come up with better passwords, and to use a unique code or phrase for every account. If you have a tough time remembering a lot of information like this, you can always use a secure password manager tool, like 1Password or LastPass. Many of them rely on data encryption to ensure your password data is safe and secure.

It’s not just about access to your personal accounts and data, either. Someone could easily get into your work email, accounts or even your tools — especially if you make the mistake of reusing a password. Did you know 10,000 of the most common passwords, like 12345 or qwerty, can access 98 per cent of all accounts out there?

That’s why it’s best to put some time and thought into your passwords instead of simply choosing an easy-to-guess word or identifier. Never use personal information that can be easily referenced, like an anniversary, address, career or job name, family member’s name or anything else along those lines.

To come up with a strong password you can remember, you’ll want to follow these tips:

  • Most passwords have a requirement of eight to 10 characters, but you’re better off with longer phrases. Don’t go with anything under 12 characters.
  • Use a combination of numbers, capital and lowercase letters and symbols. This will make your password extremely difficult to crack.
  • Don’t use obvious words, names or phrases. Come up with something that’s unique to you.
  • Avoid obvious letter and number substitutions that can be easily guessed, such as using a 0 instead of the letter O or a 3 instead of the letter E.
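The tips above can be turned into a self-check that looks at a candidate password the way a targeted guesser would. This is an added example, not part of the original article; the function names, the substitution table and the sample data are assumptions constructed for illustration.

```python
import re

# Undo the obvious substitutions the tips warn about (0 -> o, 3 -> e, ...).
LEET = str.maketrans({"0": "o", "3": "e", "1": "l", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def normalise(text):
    """Lowercase the text and reverse simple character substitutions."""
    return text.lower().translate(LEET)

# Constructed sample; in practice load a published common-password list.
COMMON = {normalise(p) for p in ("12345", "qwerty", "password", "letmein")}

# Constructed sample of facts a guesser could collect about one person.
SAMPLE_FACTS = ["Alex Morgan", "14/06/1987", "Rover"]

def personal_tokens(facts):
    """Map normalised pieces of names, dates and addresses to the original."""
    tokens = {}
    for fact in facts:
        for piece in re.findall(r"[a-z]+|\d+", fact.lower()):
            if len(piece) >= 3:          # ignore fragments like "14" or "06"
                tokens[normalise(piece)] = piece
    return tokens

def check_password(password, facts, used_elsewhere=()):
    """Return the tips the password violates; an empty list means it passes."""
    problems = []
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    if not all(re.search(c, password) for c in classes):
        problems.append("missing a character class")
    plain = normalise(password)          # "P@ssw0rd" is compared as "password"
    if plain in COMMON:
        problems.append("common password")
    tokens = personal_tokens(facts)
    hits = sorted(orig for norm, orig in tokens.items() if norm in plain)
    if hits:
        problems.append("contains personal information: " + ", ".join(hits))
    if password in used_elsewhere:       # exact reuse on another account
        problems.append("reused from another account")
    return problems
```

Because both the password and the personal facts are normalised before comparison, "R0v3r1987!" is flagged for the pet name and the birth year despite the substitutions.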

Make sure your software is up-to-date

Software updates, application updates and operating system updates can be a pain. Oftentimes, you even have to restart your computer for the installation to proceed or finish. If you were in the middle of doing something, this can be bothersome.

But software updates happen for a reason. In fact, one form of update is a security patch that fixes vulnerabilities or security holes in software. This is important, because it’s essentially like closing doors that were wide open for hackers. Even Microsoft’s latest OS, Windows 10, has received critical security updates that are designed to fix inherent flaws.

As annoying as it may be, always make sure you keep your software and applications up-to-date. With outdated software, it’s possible you’re wide open to attacks but don’t even know it.

Not all technology is prone to brute-force hacking

Another term for targeted online guessing is “brute-force hacking,” because the criminal uses no workaround to get access. It’s as simple as entering new passcodes over and over until the right one is found. Generally, it’s not a single person sitting at a keyboard doing this — they have automated programs or bots that can do it for them over a period of time.

But due to the nature of these hacks, not all technology is vulnerable. A smart lock with a touchscreen, for example, is not likely to be targeted by this type of attack for several reasons. First, someone would have to stand at your door and try multiple codes, risking the chance they’ll get caught. Second, there are way more traditional weak spots in a home that an intruder or burglar can exploit. They can shatter windows, break door hinges or even take advantage of pet doors.

When there are easier methods of entry, nobody is going to waste time brute-force hacking a smart lock — especially when a crowbar can be used to pry a door open instead. Bottom line? It’s just as important that you focus on other types of security, too — not just digital security for your passwords.

If two-factor authentication is available, turn it on

If a service you use offers two-factor authentication through a mobile number or email address, then enable it and keep it active. Every time you try to log in from a new or unrecognised source, the system will generate a unique passcode in addition to your account name and password. It will then send this code to the location you specify, like your email.

Without access to multiple accounts, hackers cannot get past two-factor authentication, which is why it works so well.

Beyond that, stay vigilant and keep informed about new breaches and attacks as they happen. There’s no reason you need to be another victim when it’s so easy to protect yourself.

Kayla Matthews, technology writer and cybersecurity blogger

Kayla Matthews
Kayla Matthews is a technology writer and cybersecurity blogger. You can read more posts from Kayla on Datanami, CloudTweaks, VentureBeat and Motherboard, as well as on