Passwords have long been considered an essential method for protecting a computer against outside threats; however, hackers are always looking for new methods of breaking in and accessing personal or corporate data.
Hackers employ various means to crack passwords, from shoulder surfing or voice eavesdropping to sophisticated password hacking tools. Some of the more frequently used are:
Password Strength
Password strength is a measure of how resistant a password is against guessing or brute force attacks, taking into account factors like length, complexity, keyboard patterns and other rules designed to assist users in creating strong passwords that make them harder for hackers to guess.
Longer passwords are harder to crack. Combining uppercase letters and lowercase letters, symbols, special characters or numbers as well as not using them across multiple accounts will increase its strength. Furthermore, users should avoid including personal or easily identifiable information in their password such as dates of birth, family names or pet names or aliases; such words and information often feature in dictionaries or word lists making them easy to guess.
Brute Force Attacks
Guessing passwords can be a time-consuming task for hackers. Since many users re-use the same username-password combinations across various sites, hackers use brute force attacks that attempt all possible combinations of letters, numbers and symbols in order to guess a password.
Limiting login attempts and using CAPTCHAs as well as salts for hashing passwords to prevent automated brute force attacks is one way to deter attackers, while showing error messages after several failed login attempts and locking accounts with failed attempts is another way to deter attacks; this method is known as Reverse Brute Force Attacks.
Dictionary Attacks
Dictionary attacks use word lists to attempt to guess passwords by trying common words, variations on them and related phrases from them. If the first phrase doesn’t work out, another may be tried until one succeeds – this process could take anywhere from milliseconds to years depending on how complex your password is.
Cybercriminals can create wordlists themselves or obtain them through leaked data, social media profiles and other sources. Furthermore, they know which passwords users choose – such as their pets’ or children’s names or team affiliations’ nicknames, as well as easy-to-guess phrases like “123456” or “password.”
There are steps available to us that can prevent dictionary attacks online: captchas, mandatory two-factor authentication and limits on how often someone attempts to log in before their account gets locked out.
Rainbow Tables
As with the tables you used as a child to aid with multiplication homework, rainbow tables are large lookup tables used to expedite password cracking processes more quickly and efficiently.
Cybercriminals use rainbow tables to compare pre-computed hash codes against those stored in organizations’ password hash storage documents that they gain access to, in order to reverse map the digests back to an readable version of their original passwords.
This approach is much quicker than brute force or dictionary attacks, yet still requires large volumes of data–sometimes Terabytes in some instances–to make work. Therefore, it’s crucial to implement an effective security solution which can quickly identify any suspicious network activity and stop potential compromise attempts before they take place.
