
Common password cracking methods:

• Social Engineering
• Shoulder Surfing
• Dumpster Diving
• Guessing
• Dictionary Attacks
• Brute-force Attacks
• Phishing
• RATing and Keyloggers
Social Engineering:
Social engineering is when a hacker takes advantage of trusting human beings to
get information from them. For example, if the hacker was trying to get the
password for a co-worker's computer, he could call the co-worker pretending to be
from the IT department. Social Engineering is used for different purposes.
Countermeasure:
If somebody tries to get login information or any other sensitive information from
you, ask them some questions. Try to find out whether the person asking for the
information is legitimate or not.
Shoulder surfing:
This method doesn’t require any hacking knowledge. The hacker would
simply attempt to look over your shoulder as you type in your password.
Countermeasure:
Make sure nobody’s looking when you type your login info.
Dumpster Diving:
In this method, the hacker simply tries to find any slips of paper on which you
have written the password.
Countermeasure:
Do not write your passwords or login information anywhere. If you do write them
down, keep them somewhere safe.
Guessing:
If your password is weak, a hacker could simply guess it by using the
information he knows about you.
Guessable passwords:
1. Blank (none). (Most websites do not allow blank passwords.)
2. The words "password", "passcode", "admin" and their derivatives.
3. The username or login name.
4. The names of their loved ones.
5. Their birthplace or date of birth.
6. A dictionary word in any language.
7. Automobile license plate number.
8. A row of letters in a standard keyboard layout.
   Example: asdfghjkl or qwertyuiop, etc.
Countermeasure:
Use passwords that are not easily guessable and not found in any dictionary.
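
The guessable-password list above can be turned into a check that runs when a password is set. The following is an added example, not part of the original page; the function names, the short word list and the sample user details are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a full dictionary file.
COMMON_WORDS = {"password", "passcode", "admin", "welcome", "letmein", "dragon"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Undo common character substitutions (e.g. "p@ssw0rd" -> "password").
LEET = str.maketrans("0134578@$!", "oieastbasi")


def normalize(password):
    """Lower-case, drop trailing digits/symbols, then undo substitutions."""
    core = re.sub(r"[^a-z]+$", "", password.lower())
    return core.translate(LEET)


def alnum(text):
    """Keep only letters and digits so '1990-05-17' matches '19900517'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def guessable_reasons(password, username="", personal=()):
    """Return why a password is guessable; an empty list means it passed."""
    if not password.strip():
        return ["blank"]
    raw, core = password.lower(), normalize(password)
    reasons = []
    if core in COMMON_WORDS:
        reasons.append("common word or derivative")
    if username and username.lower() in raw:
        reasons.append("contains username")
    # personal: names of loved ones, birthplace, date of birth, license plate
    if any(len(alnum(p)) >= 3 and alnum(p) in alnum(raw) for p in personal):
        reasons.append("contains personal detail")
    if any(len(c) >= 4 and (c in row or c in row[::-1])
           for row in KEYBOARD_ROWS for c in (raw, core)):
        reasons.append("keyboard row")
    return reasons


if __name__ == "__main__":
    # Constructed sample user details and candidate passwords.
    info = ("Rex", "1990-05-17", "KA01AB1234")
    for pw in ["", "P@ssw0rd123", "asdfghjkl", "jsmith2024", "rex!1990"]:
        print(repr(pw), "->", guessable_reasons(pw, "jsmith", info) or "ok")
```
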
Dictionary Attacks:
A dictionary attack is when a text file full of commonly used passwords, or a list of
every word from the dictionary is used against a password database. Strong
passwords usually aren’t vulnerable to this kind of attack.
Countermeasure:
Use passwords that are not found in a dictionary of any language.
Brute-force Attacks:
Brute-force attacks can crack any password. Brute-force attacks try every possible
combination of letters, numbers, and special characters until the right password is
found. Brute-force attacks can take a long time. The speed is determined by the
speed of the computer running the cracking program and the complexity of the
password.
Countermeasure:
Use a password that is complex and long. A brute-force attack may take hundreds,
even thousands of years to crack complex and long passwords.
Phishing:
Many hackers and internet security experts say that phishing is the easiest
and most popular way to get account details. In a phishing attack the hacker sends
the victim a link to a fake Facebook or other login page, which the hacker has
created, or downloaded and uploaded to a free hosting site like
http://www.100mb.com or any free webhost. The hacker sends the fake login page
link through e-mail, while chatting, etc. When the victim enters the login details,
the victim is redirected to the original login page and the hacker gets the victim's
login details.
Countermeasure:
Phishing attacks are very easy to avoid. When you are asked to put your personal
information into a website, look at the URL bar. If, for example, you are
supposed to be on facebook.com and the URL bar says something like
facebook.something.com, then you should know it’s fake.
RATing and Keylogging:
In keylogging or RATing the hacker sends a keylogger server or RAT server to the
victim. The keylogger records every keystroke of the victim. When the victim
types the account details, the keylogger records them and sends them to the hacker.
Countermeasures:
It is better to use on-screen keyboards or virtual keyboards while typing login
info or personal info. Install the latest anti-virus software and keep it updated.

Note: There are several other types of password cracking, but these are the
most common types affecting the privacy of users.
