
You might think to yourself,
‘Hey! The only place I worry about hackers breaking into is my bank, and they protect their passwords so I won’t worry.’
Here is the problem with that.
Good hosts protect the password you give them with something called a ‘hash’. Password hashing works by using a one-way mathematical function (a hash function) to convert a readable password into a unique, fixed-length string of characters (a "hash") that's nearly impossible to reverse. Let’s say our friend John Jones has this password: MyDogHasFleas
So ‘plain-text’ it looks like this:
MyDogHasFleas
The hash program produces a password that looks like this:
1524157875019052
So the user password list might look like this:
USERNAME              PASSWORD
JohnJones@Gmail.com   1524157875019052
Now, 65% of people re-use the same password on all the sites they visit. So let’s say John Jones logs into Fred’s BBQ Website, uses the same password he always does, Fred’s BBQ Website hashes it, and Fred thinks he’s safe.
Now, the hacker will do something called a brute-force attack, where his computer tries a password of aaaaaaa, then aaaaaab, then aaaaaac… you get the idea, working through every combination of letters and numbers until one logs him in. For a short password of, say, 8 characters, he can crack it in less than an hour.
Now, he won’t try this on a bank website, because they’ll catch the multiple attempts and stop him.
He’ll do it on Fred’s BBQ Website instead, because once he gets in, he knows 65% of people re-use the same password on all the sites they visit, so he goes to John's bank and logs into John Jones's account using the password he just figured out.
Then he empties the bank account.
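Here is the story above in working code, added as an example and not part of the original article. It shows three things: a plain, fast, unsalted hash (SHA-256 stands in for "the hash program"; the digit string in the article is only illustrative) gives the same digest for the same password at every site, which is exactly why a hash recovered from Fred's list is useful at the bank; a salted, deliberately slow hash (PBKDF2-HMAC-SHA256 from the Python standard library) gives unrelated digests at each site and makes every guess cost thousands of hash computations; and a simplified version of the lockout the article credits the bank with, so that the guesses aaaaaaa, aaaaaab, aaaaaac lock the account before the real password is ever tried. The iteration count, the `LoginGuard` class and the sample user table are my own assumptions for this example.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Set, Tuple

# OWASP's current recommended minimum for PBKDF2-HMAC-SHA256 (an assumption for
# this example; pick the largest value your login latency budget allows).
PBKDF2_ITERATIONS = 600_000

# John's password from the article (a constructed example value).
PASSWORD = "MyDogHasFleas"

# A stored credential: (salt, digest, iterations). Keeping the parameters next
# to the digest lets a site raise the cost later without breaking old records.
Record = Tuple[bytes, bytes, int]


def fast_unsalted_hash(password: str) -> str:
    """The scheme Fred relies on: a plain, fast, unsalted hash.
    The same password yields the same digest at every site that uses it, so a
    digest recovered from one site's list identifies the same password elsewhere."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def slow_salted_hash(password: str, salt: Optional[bytes] = None,
                     iterations: int = PBKDF2_ITERATIONS) -> Record:
    """Salted, deliberately slow hashing with PBKDF2-HMAC-SHA256 (stdlib).
    A fresh random salt per user means two sites, or two users, with the same
    password end up with unrelated digests, and each guess costs the attacker
    `iterations` hash computations instead of one."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest, iterations


def verify(password: str, record: Record) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, stored_digest, iterations = record
    _, candidate, _ = slow_salted_hash(password, salt, iterations)
    return hmac.compare_digest(candidate, stored_digest)


class LoginGuard:
    """Per-account failure counter with lockout: the 'catch the multiple
    attempts and stop him' behaviour the article credits the bank with."""

    def __init__(self, max_failures: int = 5) -> None:
        self.max_failures = max_failures
        self.failures: Dict[str, int] = {}
        self.locked: Set[str] = set()

    def attempt(self, username: str, password: str, users: Dict[str, Record]) -> str:
        """Returns 'ok', 'fail' or 'locked'. A locked account rejects even the
        correct password until an out-of-band reset, so guessing cannot continue.
        An unknown username is counted as a failure rather than revealing that
        the account does not exist."""
        if username in self.locked:
            return "locked"
        record = users.get(username)
        if record is not None and verify(password, record):
            self.failures.pop(username, None)
            return "ok"
        count = self.failures.get(username, 0) + 1
        self.failures[username] = count
        if count >= self.max_failures:
            self.locked.add(username)
            return "locked"
        return "fail"


if __name__ == "__main__":
    # Fred's site and the bank both store John's password.
    print("unsalted digests equal across sites:",
          fast_unsalted_hash(PASSWORD) == fast_unsalted_hash(PASSWORD))
    at_fred = slow_salted_hash(PASSWORD)
    at_bank = slow_salted_hash(PASSWORD)
    print("salted digests equal across sites:", at_fred[1] == at_bank[1])
    bank = {"JohnJones@Gmail.com": at_bank}
    guard = LoginGuard(max_failures=3)
    for guess in ("aaaaaaa", "aaaaaab", "aaaaaac", PASSWORD):
        print(guess, "->", guard.attempt("JohnJones@Gmail.com", guess, bank))
```

Run it directly and the first line prints True and the second False: the unsalted scheme makes John's two accounts share one digest, the salted scheme does not. The lockout then reports fail, fail, locked, locked, so the correct password never gets through once the counter has tripped. The real fix for John is a different password per site (a password manager makes that painless); the site-side fixes are a salted slow hash and a failure limit, and neither one substitutes for the other.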