Password-related attacks

Most systems use a username/password combination to authenticate users.

The username is often simple or easy to guess (for example, the user's email address), so the strength and secrecy of the password are relied on to provide the necessary security.

Attackers can learn a user's password by several methods:

  • Guessing

  • Dictionary attack: A program runs through a 'dictionary' (a list of common words and passwords) to find the target's password.

  • Brute force attack: A program tries every possible combination of letters, numbers, and special characters to find the target's password.

A strong password should:

  • contain at least 8 characters (preferably more).

  • contain a mixture of UPPERCASE and lowercase letters.

  • contain a mixture of letters and numbers.

  • contain one or more special characters (#@!? etc.).

  • be changed regularly.
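To make the checklist concrete, here is an added example (not part of the original page) that scores a password against these rules, checks it against a small constructed list of common passwords standing in for a dictionary, and computes the size of the search space an exhaustive brute-force attack would have to cover for a password of that length and character mix.

```python
import math
import string

# Constructed sample standing in for a real common-password list ("dictionary");
# real lists contain millions of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome"}


def strength_issues(pw):
    """Return the rules from the checklist above that the password fails."""
    issues = []
    if len(pw) < 8:
        issues.append("shorter than 8 characters")
    if not (any(c.isupper() for c in pw) and any(c.islower() for c in pw)):
        issues.append("no mix of uppercase and lowercase letters")
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        issues.append("no mix of letters and numbers")
    if not any(c in string.punctuation for c in pw):
        issues.append("no special character")
    if pw.lower() in COMMON_PASSWORDS:
        issues.append("appears in the common-password dictionary")
    return issues


def charset_size(pw):
    """Size of the character alphabet an attacker must cover to reach this password."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 printable ASCII specials
    return size


def brute_force_guesses(pw):
    """Worst-case guesses for an exhaustive search of all strings of this length
    over the password's character classes (alphabet_size ** length)."""
    return charset_size(pw) ** len(pw)


def search_space_bits(pw):
    """Same figure expressed in bits, for easy comparison between passwords."""
    return math.log2(brute_force_guesses(pw))


if __name__ == "__main__":
    for candidate in ["password", "Tr0ub4dor&3", "correcthorsebatterystaple"]:
        print(candidate, strength_issues(candidate), round(search_space_bits(candidate), 1))
```

The search-space figure is an upper bound on attacker effort: a password that passes every rule but is a dictionary word with predictable substitutions falls to a dictionary attack long before the brute-force bound is reached.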
