What is one of the first ideas that comes to mind for a hacker who wants to obtain someone's personal information and use it for malicious purposes? A password attack!
Password attacks are among the most popular cyber-attacks, yet people still ignore the importance of creating strong, hard-to-crack passwords. All our accounts, whether for social media, shopping, government services, employer sites, etc., are protected by passwords of our choice, and the least we can do for our safety is to make them strong. Many people overlook that the personal information held in these accounts can be used against us and put us in risky and dangerous situations, and that hackers do not find it as hard as we think to crack a password and gain access to private or critical information. In fact, recent statistics have shown that 81% of data breaches in 2020 were caused by password attacks, and depending on the data managed by the hosting application or site, the consequences can be financial fraud, exposure of sensitive information such as your location and workplace, and more. Password attacks can even lead to other sophisticated attacks such as denial of service. Protection against such attacks is needed and doable as long as people take it seriously.
How do Hackers carry out Password Attacks?
Password attacks are not new: the username-password pair has been a main authentication method for a long time, so attackers have had plenty of time to come up with many tools and methods for carrying out this attack, and you should always be ready for what’s coming!
The following are some of the popular methods used for this attack:
· Brute force:
Brute force is when an attacker tries all possible combinations of keyboard characters until the correct one is entered. The following image shows how long it takes an attacker to find the right password depending on the password’s length and character composition.
· Dictionary Password attack:
As the name suggests, in this method the attackers use a predefined list of words that they created based on certain patterns or previous successful password attacks. The list is then fed to a tool that attempts to authenticate to user accounts with each entry.
· Keylogging:
In this method, the attacker installs a type of spyware called a keylogger on the victim’s computer. It records everything the user types, and the attacker uses the recording to extract information and obtain login credentials.
· Credential stuffing:
In this attack, the hacker takes advantage of the likelihood that a user reuses a password across multiple accounts on multiple sites. Once he successfully obtains the passwords of some accounts, he uses those stolen passwords to attack accounts on other platforms.
· Phishing:
Why would an attacker bother putting in all this effort to obtain a password when he can simply ask the user for it through phishing?
How can we protect our passwords from this attack?
The following are some of the most useful tips to guard your accounts and maintain strong password protection:
· Enforce and demonstrate strong password creation and policies: Passwords that are at least 6 characters long, combine upper case, lower case, numbers and special characters, and contain neither dictionary words nor part of the username are considered strong.
· Use passwords that are hard to guess.
· Apply multifactor authentication (MFA): Using passwords alone for authentication is not enough to secure accounts. Enabling MFA, which combines a password with another authentication method such as biometrics, one-time passwords (OTP), software tokens, and others, adds a layer of protection to the log-in process.
· Keep your passwords unique and don’t reuse them.
· Install anti-spyware software to detect and protect against keyloggers.
· Invest in a password manager: Password managers assist administrators in managing user credentials and storing them in strongly encrypted databases. Moreover, they can be used to generate passwords for users based on best practices and in line with strong password policies.
· Educate yourself and your employees on social engineering techniques so that nobody falls for these tricks and gives out sensitive information, including passwords.
· Change your passwords regularly.
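As an added example, not part of the original post, the following Python code turns the password policy from the first tip above into a check, and adds the brute-force keyspace estimate behind the timing table from the brute force section. The wordlist, the rule names and the guess rate are constructed placeholders, not values from the post.

```python
import string

# Constructed stand-in for a real wordlist (assumption: a deployment would load a
# large dictionary or a breached-password list instead).
DICTIONARY_WORDS = ("password", "welcome", "summer", "dragon", "letmein", "admin")

# Character classes the policy requires, with the size of each class.
CLASSES = (
    ("lower", set(string.ascii_lowercase)),    # 26
    ("upper", set(string.ascii_uppercase)),    # 26
    ("digit", set(string.digits)),             # 10
    ("special", set(string.punctuation)),      # 32
)


def check_policy(password, username, min_length=6):
    """Return the list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    for name, chars in CLASSES:
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    lowered = password.lower()
    # Reject passwords built from the username (compared case-insensitively).
    if username and username.lower() in lowered:
        problems.append("contains the username")
    # Reject passwords that embed a dictionary word, e.g. "Password1!".
    for word in DICTIONARY_WORDS:
        if word in lowered:
            problems.append(f"contains dictionary word '{word}'")
    return problems


def keyspace(password):
    """Worst-case number of candidates a brute-force attacker must try, assuming
    they know the length and which character classes are in use."""
    alphabet = sum(len(chars) for _, chars in CLASSES
                   if any(c in chars for c in password))
    return alphabet ** len(password)


def brute_force_seconds(password, guesses_per_second=1e10):
    """Worst-case time to exhaust the keyspace at an assumed offline guess rate
    (the 1e10/s default is a constructed figure, not a measurement)."""
    return keyspace(password) / guesses_per_second


if __name__ == "__main__":
    for pw, user in (("password1", "bob"), ("Alice#2024", "alice"), ("Tr0ub4dor&3", "alice")):
        print(pw, check_policy(pw, user) or "OK", f"{brute_force_seconds(pw):.3g} s")
```

Note that the keyspace grows with the password length far faster than with extra character classes, which is why the length requirement matters most.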