Can you imagine? Hackers may already know your password. Are you the type of person who uses the same password on Facebook as you do for your online banking? That question should hopefully inspire some thought. Password security is very important, more important than many seem to realize. Getting passwords may also not be as hard as you think.

How might a hacker know my password, you ask? Hackers can use one of several similar methods to get your password: guessing attacks, dictionary attacks, or brute force attacks.

Guess Attacks

Passwords can sometimes be guessed by humans with knowledge of the user’s personal information. Here are some examples of a guessable password:

  • the words “password”, or “admin”
  • a row of letters from the qwerty keyboard (qwerty itself, asdf, or qwertyuiop)
  • the user’s name or login name
  • the name of a significant other, a friend, relative or pet
  • their birthplace or date of birth, or a friend’s, or a relative’s
  • their office number, residence number or, most commonly, their mobile number
  • a name of a celebrity they like
  • a simple modification of one of the preceding, such as suffixing a digit, particularly, or reversing the order of the letters.
  • a swear word

These days, with social media, it is not difficult for a hacker to find personal information about you online. Some of the surveys you fill in or ‘friends’ you have on social networks may actually have malicious intentions and be gathering information about you. Attackers are smart and have a lot of experience. You may think your password is secure and creative because you graduated from Valley High School in 1996 and so your password is ‘ValleyHigh96’, but an experienced hacker may be able to figure that out simply from gathering information about you!

Guessing is particularly effective with systems that employ self-service password reset. For example, in September 2008, the Yahoo e-mail account of Sarah Palin, Governor of Alaska and nominee for Vice President of the United States, was accessed without authorization by someone who was able to research the answers to two of her security questions (her zip code and date of birth) and to guess the third (where she met her husband).

Any of the above are common password mistakes. If you are making any of these mistakes, it’s time to make some password changes.
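As an added example (not part of the original post), a signup or password-change form could reject the guessable choices listed above with a check like this one. The word lists, the sample profile and all function names are constructed for illustration; a real deployment would use much larger blocklists.

```python
import re

# Constructed sample lists for illustration; production blocklists are far larger.
COMMON_WORDS = {"password", "admin"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")

def personal_tokens(facts):
    """Lower-case word/number tokens from personal facts, plus 2-digit years."""
    tokens = set()
    for fact in facts:
        for tok in re.findall(r"[a-z]+|\d+", fact.lower()):
            if len(tok) >= 3:
                tokens.add(tok)
            if re.fullmatch(r"(19|20)\d\d", tok):
                tokens.add(tok[2:])               # 1996 -> 96
    return tokens

def residue(text, tokens):
    """What remains of text once every personal token is deleted, longest first."""
    for tok in sorted(tokens, key=len, reverse=True):
        text = text.replace(tok, "")
    return text

def guessable_reasons(password, facts=()):
    """Return the reasons (possibly none) a password matches the list above."""
    pw = password.lower()
    core = re.sub(r"[\d\W_]+$", "", pw)           # undo a suffixed digit or symbol
    variants = {pw, core, pw[::-1], core[::-1]}   # also undo letter reversal
    tokens = personal_tokens(facts)
    reasons = []
    if variants & COMMON_WORDS:
        reasons.append("common word")
    if any(len(v) >= 4 and v in row for v in variants for row in KEYBOARD_ROWS):
        reasons.append("keyboard row")
    # Personal: deleting the user's own facts leaves at most two characters.
    if any(residue(v, tokens) != v and len(residue(v, tokens)) <= 2 for v in variants):
        reasons.append("personal information")
    return reasons

if __name__ == "__main__":
    facts = ["Valley High School", "1996"]        # constructed profile from the example above
    for candidate in ("ValleyHigh96", "admin1", "qwerty", "correct horse battery staple"):
        print(candidate, "->", guessable_reasons(candidate, facts) or "no match")
```

The `facts` list would be filled from what the site already knows about the account (name, login, phone number, date of birth), so the check catches the same information an attacker could collect from a public profile.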

See also posts on Dictionary Attacks, and Brute Force Password Attacks.