From the point of non-technical knowledge in coding or programming like me, the easiest way is to get a password by taking without permission from the victim. E.g., some people use the pattern lock instead of pin or password for logging into their smartphone which is quite easy to remember at a glance of sneaking. As I learned though web, it’s still having a chance that if a user only uses plain text password, it could be hacked with a dictionary attack.
As there are so many people with poor knowledge of cybersecurity, and most of them set their password linking to their name, date of birth, email and any number which is quite easy to guess if we can find their basic information from their social media account. And generally, most of them keep the same password for different accounts on social media which is very easy for an attacker to manipulate at different sites once he got that password.
And recently, I just have an experience that some of the password can be override with a specific software easily. I had been using fingerprint option to sign in my laptop and last week I have to change the pin (another sign in option) for some reason, it requested me my original password which is link with my Microsoft account. Since it’s been a long time not using that password, I had to go to the service center and there they used a professional password recovery tool and within a minute I could reset my password again. That’s a way of simple log in and there are many tools we can use to hack into someone’s security system with a click.
Another way is to inject any virus program as an intension of destroying someone’s important data or operating system rather than getting information. That kind of attack can be as simple as putting an infected memory stick to their computer and that kind virus was familiar to me when we started to use mp3 player for copying music files from friends back in student life.
Nowadays, there are so many cases where victims were getting cyberattack with a spamming call or message that doesn’t need any technical knowledge from spammer. They can make the victim reveal their important ID and financial account password from a fake call or link that resembles the communication coming from an official site or any authorized person of a trusted organization.