Virtually every site or service available on the Internet has a password—everything from your bank to your favorite grocery store. The best passwords are virtually impossible to guess, but with the vast number of passwords we require in everyday life, people often use easy passwords or take shortcuts so that they don't have to carry a list of secret words. If you need to discover somebody's password, recall one of your own that you might have forgotten, or perhaps learn what password schemes not to use, this article is for you.


Use what you know. There are situations where you might know somebody's password for a particular site. Try using that password on other sites. Many people use the same single password for everything.
This is a particularly risky password management technique. Even if you have a random 28-character password with mixed alpha-numerics, capitals, and symbols, if somebody finds out what that is, all your sites are available for invasion.


Search their computer. Do a quick search for folders that might be named "accounts" or "info," or in case they're really not so good about security, a folder named "passwords."
  • Examine the contents of any folder you find that might contain the necessary info. If the passwords are for specific accounts, and there is more than one account listed, you will have an idea about their password scheme.
  • If all the passwords are the same, they're probably the same for all their accounts.
  • If all the passwords are just slightly different, such as "account A: paSSword1; account B: paSSword2," etc., you can extrapolate from that pattern.
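Seen from the account owner's side, the reuse and "paSSword1 / paSSword2" patterns described above are easy to find in your own password list before anyone else does. The following is an added example, not part of the original article; the vault contents are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

def stem(password):
    """Reduce a password to its scheme: case-folded, trailing digits/symbols removed."""
    return re.sub(r"[\d\W_]+$", "", password.casefold())

def audit(vault):
    """vault maps account -> password.
    Returns (reused, schemed): groups of accounts sharing one password,
    and groups whose passwords differ only by case or a trailing counter."""
    exact, by_stem = defaultdict(list), defaultdict(list)
    for account, pw in vault.items():
        exact[pw].append(account)
        by_stem[stem(pw)].append(account)
    reused = [sorted(accts) for accts in exact.values() if len(accts) > 1]
    schemed = [
        sorted(accts)
        for s, accts in by_stem.items()
        # same stem, but not simply the same password repeated
        if s and len({vault[a] for a in accts}) > 1
    ]
    return reused, schemed

# Constructed sample vault (not real credentials).
SAMPLE_VAULT = {
    "bank": "paSSword1",
    "shop": "paSSword2",
    "mail": "Tr4il-mix-0range",
    "forum": "Tr4il-mix-0range",
    "vpn": "x9#Lq2vbn!7",
}

if __name__ == "__main__":
    reused, schemed = audit(SAMPLE_VAULT)
    print("identical password on:", reused)
    print("same scheme, different suffix on:", schemed)
```

Every account in either group falls together if one of them is exposed, so each should get its own unrelated password.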


  • Click on the forgotten password link. Most sites have this right next to the password entry field, and usually it's a simple matter of retrieving the email that is attached to that account.
  • If you are at the computer of the person whose account you're trying to hack, you can open the email, and will either be given the password, or the opportunity to reset the password. Click on the link, and follow the guidelines.
  • Remember to delete the email when you're done.
  • If the account you hacked (or the browser) allows you to save the password, then do so: your target may not discover they've been hacked for a while.
  • If your target password-protects their email, or goes to an email provider that is not immediately apparent, such as Yahoo Mail or Gmail, you may need to do some sleuthing.


Take a guess based on common practices. People are creatures of habit, and don't want to have to think too hard to do repetitive tasks—tasks such as entering passwords. As a result, we tend to use words that are easy to remember. The trouble is, they're also easy to guess. Below are some of the worst offenders[1]. Feel free to wince if your own password is on this list:
  • password
  • 12345678 (or however many digits are required)
  • monkey
  • letmein (or in leet, l3tm31n)
  • trustno1
  • master
  • welcome
  • ashley
  • ninja
  • Jesus
  • mustang
  • Password (many people use this one)
  • Try any of the above, capitalizing either the first letter or the last, or adding an exclamation mark at the end.


Take a guess based on personal information. Try their birthday, their zip code, their lunch number, the names of their family or pet, favorite author, or anything else you think might be important to them.
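The two kinds of guess described above (the worst-offender list with its simple variants, and personal details) are exactly what a sign-up or password-change form can refuse. The following is an added example, not part of the original article; the leet map is a minimal assumption, and the sample passwords and personal details are constructed.

```python
# Worst-offender list from the article, lower-cased.
COMMON = {"password", "12345678", "monkey", "letmein", "trustno1", "master",
          "welcome", "ashley", "ninja", "jesus", "mustang"}

# Minimal leet-to-letter map (assumption; extend as needed).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})
SUFFIX = "!?.*#"  # punctuation people tack onto the end

def normalise(pw):
    """Lower-case, drop trailing punctuation, and return raw and de-leeted forms."""
    base = pw.lower().rstrip(SUFFIX)
    return {base, base.translate(LEET)}

def weaknesses(pw, personal=()):
    """Return the reasons a password should be rejected (empty list = none found)."""
    reasons = []
    forms = normalise(pw)
    if forms & COMMON:
        reasons.append("common password or trivial variant")
    digits = pw.rstrip(SUFFIX)
    # "12345678 (or however many digits are required)"
    if digits.isdigit() and ("1234567890" * 3).startswith(digits):
        reasons.append("sequential digits")
    for token in personal:
        t = token.lower()
        if len(t) >= 3 and any(t in f for f in forms):
            reasons.append("contains personal detail")
            break
    return reasons

if __name__ == "__main__":
    # Constructed samples; "Rex" and "90210" stand in for a pet name and zip code.
    for pw in ("Password!", "l3tm31n", "123456", "Rex2015!", "correct-horse-battery-staple"):
        print(pw, "->", weaknesses(pw, personal=("Rex", "90210")) or "no match")
```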


Ask them. There's nothing like the direct approach! Make up an excuse for why you need their account or why you need to log in. If it's a good friend or a family member, they will probably give it up without asking.
If that's the case, you'll want to have a very good reason for violating their trust, but there are situations where that's exactly what's needed.


Ask somebody who might know. If all else fails, ask the people who are close to your target. Like asking them directly, this is not something to try unless you have a very good reason for hacking their accounts.


Be a detective. Watch them the next time they type in their password, set up a hidden camera, or install a key-capture application to catch what characters they're entering.
There are even smartphone apps under development that can sense the strength and frequency of vibrations, and translate that into the correct keystroke.[2] In theory, you could set your phone down on your target's desk, and what they type would be recorded for you to review at a later time.


Download or write your own keylogger for your computer, which will keep track of all the keys anyone presses and store them on your computer. If you can somehow get the person to log onto your computer, you will be able to get their password.
Passwords are case-sensitive. If you know the password is "password," but it doesn't seem to work, try using uppercase letters for each letter until you find the right one.
Secretly watch their keyboard.
Try to find more about them. Some people create their passwords based on personal information. If you like, ask them their birthday, their age, their full name... But don't go too far or they will find out what you are trying to do. For example, if their name is Devin and they are 23, their password might be something like "Devi23in."