How to Guess a Password

• Find out the password requirements for the site so you know how many letters, numbers, and symbols you'll have to guess.
• Most Android and iPhone screen PINs are only 4 or 6 digits long, making them easy to guess.
• Many people use the names of their pets, partners, favorite sports teams, along with significant numbers in passwords.
• Entering the wrong password or PIN too many times will usually lock you out of the service or device you're trying to access.

Figure out the password requirements for the site or app.

Find out what types of passwords are allowed on the service you're trying to access. Many websites require passwords to be at least 8 characters or long. Some also require passwords to include at least one capital letter, a number, and a symbol or special character. Once you know which types of passwords that service will accept, you'll know how complicated to make your guesses. To find out the site or app's password requirements, try setting up your own account. When it's time to create your password, you'll see the requirements.

Ask for a hint or security questions.

If the password has a "hint" option for forgotten passwords, request a hint. Depending on the service, you may be prompted to answer security questions or see a hint once you enter the password incorrectly too many times. For other services, you may be able to see security questions to reset the password up front. The hint may be in the form of statement, like "Last 4 digits of your phone number," or a question like "What was the name of your first pet?" Finding the answers can help you get into the account without having to know the password at all! Some sites allow people to type their own password hints, which might make guessing the password obvious. For example, "dog + digit" might be the hint, which certainly narrows down the options. Keep in mind that asking for a hint or security questions might not display the hint right on the screen—instead, it might send the hint to the email address on file for the account. It may also send your IP address to the account owner, which they might be able to trace back to you. Be careful!

Check the most common passwords from security breaches.

People often choose easy-to-remember passwords that are simple for hackers to crack. A great place to start is to look at the 20 most common passwords found in leaked account information from the dark web. If the person whose password you're trying to guess isn't very security-conscious, they might be using one of these passwords. 123456 123456789 Qwerty Password 12345 12345678 111111 1234567 123123 Qwerty123 1q2w3e 1234567890 DEFAULT 0 Abc123 654321 123321 Qwertyuiop Iloveyou 666666

Phone screen passwords are usually obvious.

If you're trying to guess someone's Android or iPhone lock screen PIN, it might be easier than you'd think. This is because most phone unlock passwords are just short strings of numbers that are easy to guess. Depending on the person's phone, they'll usually have a 4 to 6 digit PIN set, which may correspond with a number that's significant to them. If you know the person's phone number, social security number, birthdate, or even the birthdate of somebody close to them, you might be able to get into their phone without much trouble. People often choose a simple sequential number, such as 123456, or a repeating number, like 333333. Sometimes people choose numbers based on a pattern on the dial pad. For example, 1379—the top-left corner, the top-right corner, the bottom-left corner, and the bottom-right corner. In most cases, entering the wrong passcode too many times will typically lock you (and the phone's owner) out of the phone.

Names of family members and pets are very common.

Do you know the names of the person's family members, significant other, or pets? According to a survey from the National Cyber Security Centre in the UK, a whopping 15% of respondents used their pet's names in their passwords, while 14% used family members names. Some tips for guessing name-based passwords: If the person uses a name in their password, they'll likely also include a number and/or symbol, as most sites and apps require more complex passwords. Try the name of the person's significant other or spouse in conjunction with the date of their anniversary, birth year, or year they met. If the person has multiple children, their password might be a combo of all their kids' names. If they only have one kid, try that child's first name followed by their year of birth. The name of the person's current, favorite, or first pet is extremely common in passwords. If the person has a nickname, they may be using it as their password. Try their nickname followed by their year or birth or some other important number.

Use what you know about the person's interests.

If you know anything about the person's hobbies or interests, you may be able to guess their password. Because people have to come up with so many passwords for different apps, they often default to something that can be easy to remember, such as their favorite TV show, sports team, movie, hobby, character, or food. Because many apps and sites require longer passwords, you can try combining some of these details to come up with a password. For example, "Tigergolf," "Golfpro," or "Kobebball."

Add significant numbers and dates.

Most people use numbers in their password, indicating a date or a lucky number. Because most apps and services require adding at least one number to passwords, people often stick to numbers that are easier to remember. You can try these numbers on their own or add them to the ends of the words you've already guessed. Here are some ways to guess a person's password based on numbers: To satisfy basic password requirements, many people simply tack a "1" or "2" to the end of their otherwise simple passwords. Try the person's birthday. For example, if their birthday is 12/18/75, try "121875" or add 1975 to the end of one of the names or interests you've already guessed. The person's current or former street address, such as 955, could be a part of the password. If the person has been vocal about what their lucky number is, try it. If the person plays a sport, try their jersey number. Try all or part of a person's phone number, or maybe even just the area code at the end of another word. If the person has graduated college or high school, add their graduation year to the password.

Reverse or change the letters.

People may think they're fooling hackers by reversing the order of letters in easy-to-guess passwords. Once you learn the names of their important people, pets, and hobbies, try typing it backwards. You may also try an alternate spelling, or even replacing certain letters with numbers that look like them. For example, if their dog's name is Brunhilda, their password might be Adlihnurb. People often replace letters with numbers to make their passwords more secure. For example, w1k1H0w instead of wikiHow, or g00gl3 instead of google.

Check their saved passwords.

Many people use the password managers built into their browsers or phones to save their passwords automatically. If you have access to the person's web browser, like Chrome, you can open their browser settings (typically under AutoFill or Passwords) to see all the passwords they've saved. In most cases, you'll need to know the person's main password or PIN to view this list of passwords.

Try cracking the password (at your own risk).

If you can't guess the password, you might want to try some password cracking tools. Just keep in mind that you should only use these tools for ethical hacking purposes, such as cracking your own password or evaluating the security on your home or office network. Don't risk getting into legal trouble over your curiosity! John the Ripper is a famous open-source password cracking tool used by system administrators and hackers alike. This software uses long lists of words (both words from the dictionary and common variations with numbers and symbols) to crack passwords. Malware such as keyloggers and screen capturers can record everything a user types in real time, including their usernames and passwords. But because installing malware to spy on people is illegal (even if you're using it with a family member or spouse), you should avoid using it without permission.