Password Tips: The anatomy of a password Attack

Table of Contents

Your passwords grant access into your own personal kingdom, so you are probably thinking ‘what are the best practices to create a strong password’ to protect your accounts against these cybercriminals. If your passwords were part of a breach, you will want to change them immediately.

So, what’s the solution? Uncrackable passwords. But before jumping to that, let’s first take a look at the various ways passwords can be hacked, so that you understand the most common methods being used today.

Brute force attack

This attack tries to guess every combination in the book until it hits on yours. The attacker automates software to try as many combinations as possible in as quick a time as possible, and there has been some unfortunate headway in the evolution of that tech. In 2012, an industrious hacker unveiled a 25-GPU cluster he had programmed to crack any 8-character Windows password containing uppercase and lowercase letters, numbers, and symbols in less than six hours. It has the ability to try 350 billion guesses per second. Generally, anything under 12 characters is vulnerable to being cracked. If nothing else, we learn from brute force attacks that password length is very important. The longer, the better.

Dictionary attack

This attack is exactly what it sounds like — the hacker is essentially attacking you with a dictionary. Whereas a brute force attack tries every combination of symbols, numbers, and letters, a dictionary attack tries a prearranged list of words such as you’d find in a dictionary.

If your password is indeed a regular word, you’ll only survive a dictionary attack if your word is wildly uncommon or if you use multiple word phrases, like LaundryZebraTowelBlue

 Phishing

That most loathsome of tactics — phishing — is when cybercriminals try to trick, intimidate, or pressure you through social engineering into unwittingly doing what they want. A phishing email may tell you (falsely) that there’s something wrong with your credit card account. It will direct you to click a link, which takes you to a phoney website built to resemble your credit card company.