If you were to ask us what one of the most important cyber security features to have is, chances are, we’d answer “secure passwords.” Sure, this might be the answer that you’d hear from everyone, but that’s because it is really that important. For our tip, we’ll review how it’s so important by looking at a few key processes hackers use for password attacks.
How Your Passwords Are Stored
When you input a password into a program or a website, it needs to be looked at against some record to ensure that it is the correct credential. That record contains your password in a mathematically-based scrambled form known as a hash.
Using a hash means that the password isn’t as easy for a hacker to intercept. However, this is not to say that an attacker has no options to leverage, either.
How a Hacker Can Use the Hash
Unfortunately, there are a few ways that a hacker can still work to crack your password. For instance, online attacks are typically leveraged with the assistance of social engineering or phishing efforts, with more likely passwords being deduced by the hacker before attempting any and inadvertently locking down the account.
There are also offline attacks where the hacker simply takes the hash and brings a copy offline to work as they are able. These attacks are relatively effective against intercepted documents with password protections, although they are still far from easy.
Other Efforts a Hacker Makes
In order to effectively conduct an offline attack, the hacker may ultimately need to try out multiple passwords. These numbers can approach the millions and billions. However, hackers also have a few means to narrow down the possibilities. Thus, enabling them to greatly decrease the time it takes to crack the targeted account.
Dictionary Password Attacks
Many hackers have their own dictionaries of common passwords to test out. They contain entries like ‘admin,’ “12345,” and the old classic, “password.” Of course, their resources could contain millions of potential passwords. They usually utilize the power necessary to review them much faster than any human could unaided.
Character Set Password Attacks
If a password doesn’t appear in a hacker’s dictionary, they can instead utilize programs that enable them to cross-reference certain rules to identify a password’s contents. For instance, if they had the necessary information, a hacker could specify a certain number of characters in a password. Additionally, whether any letters are capitalized or lowercase, and many more specific details. This enables passwords to be cracked much more efficiently.
Brute Force Password Attacks
When a gentler touch fails them, a hacker can resort to performing a brute force attack on your password. These attacks try any combination of characters possible until they either stumble upon the correct combination or simply overwhelm a system.
As you can see, there are plenty of ways that a password can be cracked. This is precisely why we encourage users to never use the same password twice. Additionally, regularly change their passwords, and utilize 2-factor authentication whenever possible. This will ensure that even if your password gets stolen, there is a lower chance of it being used against you.