Hackers may already know your password. In a previous post, I wrote about guess attacks by hackers on your password. In this brief post I’m going to write about another method that an attacker could use to get your password. By now, you’ve already made the important decision to use a different password for your Facebook account than you do for your online banking. Good. Still, users often choose weak passwords. I listed some examples of ‘guessable passwords’ in the previous post. There are, of course, some additional simple examples that hackers can target in what is called a Dictionary Attack.
How can a dictionary attack be used to guess my password?
A dictionary attack can guess your password if it is a single word that can be found in a dictionary, if it is a given name or family name, if it is too short (generally even six or seven characters is too short), or if it fits a pattern that attackers would call predictable (e.g., alternating vowels and consonants, alternating numbers and letters, etc.). Password research over some 40 years has demonstrated that around 40% of user-chosen passwords are readily guessable by sophisticated cracking programs armed with dictionaries and, perhaps, the user’s personal information.
Hackers can enter personal information about the user being attacked into readily available cracking programs, which then generate common variations of the passwords suggested by that information.
If you’ve been following the articles here on Information Carnivore in the ‘password’ category, then you are now able to make some wise password choices. But there is one other form of attack that may be used to gain your password. Brute Force Attacks…
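The same criteria can be checked when a password is chosen, so that anything a dictionary attack would find quickly is rejected up front. The sketch below is an added example, not code from the original post; the word list, the substitution table, the eight-character minimum and the sample inputs are constructed assumptions.

```python
import re

# Constructed sample list; a real check would load a full dictionary and name list.
WORDLIST = {"password", "dragon", "sunshine", "monkey", "michael", "jennifer"}
MIN_LENGTH = 8  # assumption: the post treats six or seven characters as too short
# Common character substitutions that cracking tools undo (assumed, not exhaustive).
LEET = str.maketrans("0134578@$!", "oieastbasi")


def _vowel_or_consonant(c):
    if not c.isalpha():
        return None
    return "vowel" if c in "aeiou" else "consonant"


def _letter_or_digit(c):
    if c.isalpha():
        return "letter"
    return "digit" if c.isdigit() else None


def _alternates(pw, classify):
    """True when every adjacent pair of characters switches class."""
    classes = [classify(c) for c in pw]
    if len(classes) < 4 or None in classes:
        return False
    return all(a != b for a, b in zip(classes, classes[1:]))


def weaknesses(password, personal_info=()):
    """Return the reasons a password is guessable; an empty list means none found."""
    pw = password.lower()
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    # Drop trailing digits/symbols, then undo substitutions, before the lookup.
    core = re.sub(r"[\W\d_]+$", "", pw).translate(LEET)
    if core in WORDLIST:
        reasons.append("dictionary word or name")
    if any(len(t) >= 3 and t.lower() in (pw + " " + pw.translate(LEET))
           for t in personal_info):
        reasons.append("contains personal information")
    if _alternates(pw, _vowel_or_consonant):
        reasons.append("alternating vowels and consonants")
    if _alternates(pw, _letter_or_digit):
        reasons.append("alternating letters and numbers")
    return reasons
```

A password such as `P@ssw0rd1!` still fails the dictionary check here, because the trailing characters and the substitutions are undone before the lookup.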