We’ve previously discussed guess attacks and dictionary attacks on your passwords, and we’ve established that password security is of the utmost importance. Just today I repaired a machine for a customer and their Vista login password was an old phone number of theirs: seven digits that could easily be found with an archived search of readily available online databases. As much as passwords are a pain, your security and identity are far more important. It is better to deal with a slightly complex password and a little bit of extra thought than with the pain of a stolen identity and lost funds! Beyond what we’ve learned thus far, there is yet another method attackers can use to obtain your password.
What’s a brute force attack?
In a brute force attack, a hacker uses software that essentially tries every possible password. In theory, if there is no limit to the number of attempts, a brute force attack will always succeed, since the rules for acceptable passwords must be publicly known; but as the length of the password increases, so does the number of possible passwords. This method is unlikely to be practical unless the password is relatively short.
A common password length recommendation is eight or more randomly chosen characters combining letters, numbers, and special characters (punctuation, etc.). This is the key, and a must-follow rule of thumb when it comes to making passwords. In addition, don’t use the same password on every website, and especially don’t use the same or similar passwords on social networking sites as you do for banking and online shopping sites that may store your credit card information.
Brute force attacks get a little more complicated, of course, and there are variations, both generic and smart attacks. More can be read about this here.
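To put numbers on how length and character variety change an exhaustive search, and on the "no limit to the number of attempts" condition, here is an added Python example (not part of the original post). The guess rates and sample passwords are assumptions constructed for illustration, and the figures are an upper bound that holds only for randomly chosen passwords.

```python
import string

# Character classes a password can draw from (printable ASCII, no space).
CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation)

def alphabet_size(password):
    """Size of the smallest union of classes that covers the password."""
    if not password:
        raise ValueError("empty password")
    used = set()
    for ch in password:
        matches = [cls for cls in CLASSES if ch in cls]
        if not matches:
            raise ValueError(f"character {ch!r} is outside the modelled classes")
        used.add(matches[0])
    return sum(len(cls) for cls in used)

def keyspace(password):
    """Candidates an exhaustive search covers: every string over the
    alphabet from length 1 up to the password's own length."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))

def worst_case_seconds(password, guesses_per_second):
    """Time to try the whole keyspace at a fixed guess rate."""
    return keyspace(password) / guesses_per_second

def humanize(seconds):
    """Render a duration in the largest unit that keeps the number >= 1."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

# Assumed rates, not figures from the article.
UNLIMITED = 1_000_000      # guesses/second when attempts are not limited
THROTTLED = 5 / 900        # 5 attempts per 15-minute lockout window

# Constructed sample passwords: 7 digits, 4 mixed, 8 mixed characters.
SAMPLES = ("5551234", "k7#Q", "t9$Lm2!x")

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r:12} alphabet={alphabet_size(pw):3} "
              f"keyspace={keyspace(pw):.2e} "
              f"unlimited={humanize(worst_case_seconds(pw, UNLIMITED))} "
              f"throttled={humanize(worst_case_seconds(pw, THROTTLED))}")
```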
See these other articles on Information Carnivore:
Passwords are a pain
Hackers may already know your password
Dictionary Attacks on your password
12 comments
Safe password Management, better than sticky notes. « Information Carnivore says:
Jul 27, 2010
[…] Passwords: Brute Force Attacks & You. Passwords: Dictionary Attacks & You. Hackers May Already Know Your Password Passwords are a Pain: Top 7 Password Mistakes […]
BloggersBase Internet says:
Aug 1, 2010
How long can I browse the web with no antivirus protection?…
Maybe you’ve heard of them running a car with no oil to see how long it takes for the engine to seize? (Normally bets are taken and whoever guesses the closest time, wins.) Well how long can I……
How long can I browse the web with no antivirus protection? « Information Carnivore says:
Aug 11, 2010
[…] have a lot of opportunity to gather information on you. They can utilize dictionary attacks, brute force attacks, or even potentially social engineer you for your […]
Banks force weak passwords on members « Information Carnivore says:
Aug 17, 2010
[…] Online Password Generator, and you can find out just how quickly your password could be hacked by brute force. A four character password no matter what special characters or numbers are used can be hacked in […]
BloggersBase Internet says:
Aug 18, 2010
Big Banks force Weak Security on Members…
Do you bank online? Your account may not be as secure as you’d like to think it is! The other day I was setting up my online account for my television cable provider and was asked to select a……
Ileane says:
Sep 2, 2010
Check the trackback link and you’ll see a few responses to what I posted. Thomas Morfew is one user that has a keen interest in everything “China”.
Daniel Snyder says:
Sep 3, 2010
Hmmm. No trackback, but I found you and therefore found the post! Thanks Ileane.
Daniel Snyder says:
Sep 3, 2010
Okay found the trackback… (I’m a little slow sometimes) LOL.
Hackers may already know your password | Info Carnivore says:
Sep 6, 2010
[…] See also posts on Dictionary Attacks, and Brute Force Password Attacks. […]
BloggersBase Internet says:
Sep 6, 2010
Hackers may already know your password…
Could you imagine, hackers may already know your password. Are you the type of person that uses the same password on facebook as you do for your online banking? That question should hopefully……
Rajesh@Hack Facebook Account says:
Dec 26, 2010
Bruteforce, though pretty old now, still works in password cracking. Many online surveys and hacks have shown that more than 50% of passwords chosen are usually insecure and hence vulnerable to Bruteforce attack.
Daniel Snyder says:
Dec 28, 2010
Rajesh! I agree with you totally – bruteforce may be an old concept but it is rock solid… (remember John Connor in T2 brute forcing the ATM?) 🙂
Too many people pick common, easy-to-guess passwords, and for that reason they are easy to Brute Force.