Skip to content
Need to learn or teach remotely? Check out our new resources to help you work, learn or teach from anywhere.

2. How Hackers Guess Passwords

Playback Speed:

In the previous video, you created ten passwords that you could easily remember.

When creating passwords, people often use: their own name, the name of a friend or sibling, the name of a pet, favorite sports teams, a place they’d like to visit, a hobby, foods they enjoy, the month and year they were born, their street address, or the word password.

Most devices, apps, websites, and games are built with safety measures to help protect their users’ security and identity.

However, there's always a chance that someone will try to guess a password in order to break into a computer system and steal, change, or destroy personal information.

This is called hacking.

The person who does the hacking is known as a hacker.

There are many different ways hackers can guess a password.

They might: hack a website without effective security measures to find your password, then use it on other sites, find personal information about you -- such as the month you were born -- and use that information to guess your password, or use a brute force attack.

A brute force attack is a trial-and-error method for obtaining a password.

It often involves using computer programs that can generate a large number of guesses -- many more than a human could try on their own.

One type of brute force attack is called the dictionary attack.

The dictionary attack uses lists of popular words from the dictionary -- exactly the kinds of words that many people use for their passwords.

In a dictionary attack, a hacker will use a computer program to automatically enter thousands of the most common words from a dictionary as possible passwords.

Then, the hacker uses software programs to change the words to different variations, such as: Changing lowercase letters to capital letters.

Adding symbols or punctuation to a password, such as an exclamation point.

Or adding numbers at the end of a password.

Dictionary attacks work because these are the same common words and variations often used by people when creating their passwords.

Do you think a dictionary attack could guess some of the passwords you created in the previous video?

To find out, you will launch a dictionary attack on yourself!

To begin, return to your Dictionary Attack spreadsheet.

Add a new tab and name it 5,000 Most Popular Words.

Next, open the starter project 5,000 Most Popular Words, and select all of column A.

A column is a vertical set of cells.

Copy the word list, then return to your Dictionary Attack spreadsheet.

Open the 5,000 Most Popular Words sheet, and paste the word list into column A.

Because there are so many words, it may take a few seconds for the words to appear.

Then, move on to the next video to launch your dictionary attack.

Now, it’s your turn: Add a new tab to your Dictionary Attack spreadsheet, and name it 5,000 Most Popular Words, Open the starter project, Copy and paste the word list into your new sheet.


  1. Add a new sheet to your Dictionary Attack spreadsheet, and name it “5,000 Most Popular Words.”
  2. Open the starter project.
  3. Copy and paste the word list into your new sheet.