A simple way in which a password can be cracked can be seen by taking toolsfornoobs — https://www.tools4noobs.com/online_tools/hash/
and crackstation — https://crackstation.net/ websites.
What you can try is on the hash tool make a hash (digest) of a password like “test1234” using a hashing algo like md5/sha1 (MD5 , MD4 , SHA1 are not considered secure enough) and copy the hash into the crackstation textview and crack the hash and you may get the password back from the hash..
Essentially, what happens is that the website looks for a match of the hash you provided with a database of stolen hashes and returns the password.
Passwords are stored as hashes on database servers but still attackers manage to get these files using various techniques.
Dictionary attacks:
A dictionary is just what a dictionary is — a collection of unrelated words. Hacker generates thousands of candidate hashes and create a huge lookup table of passwords and hashes. Then, hacker compares the individual entries from the lookup table to those in a stolen hash database. Computers manage this task in a few hours, maybe even minutes.
Brute Force Attack:
When a hacker use computers to cycle through each letter in a character set that can comprise of any characters. .Basically, trial and error method to attempt all the combinations for a password, but this is only efficient for short passwords.
How to prevent brute force password attacks:
Be paranoid and keep updating passwords every 3 months and use a password managing tool — I use Keepass XC. Different passwords for different platforms. Using passphrases is also a good practice.
BE SAFE!