What are Password-Cracking Techniques?
It is common knowledge that strong passwords, changed frequently, will help to protect your account credentials from being compromised. Unfortunately, there are many other ways that cyberattackers can gain access to your login information besides guessing your password. The following are password-cracking techniques that cyberattackers employ to hack into your accounts:
Brute force. In brute force attacks, cyberattackers may use sophisticated computer programs to run though all possible alpha-numeric combinations. In reverse brute force attacks, cyberattackers use commonly used passwords and attempt to guess associated usernames.
Mask attack. In a mask attack, cyberattackers checks passwords that match a specific pattern. This attack allows users to skip unnecessary character combinations and reduces the time spent on brute-force password recovery.
Credential stuffing. If a password has been revealed in a previous data breach, cyberattackers may try to use those credentials on other websites, knowing that many people reuse passwords.
Offline cracking. Offline cracking often involves a process of decrypting passwords by using a list of hashes taken from a recent data breach.
Dictionary attack. Dictionary attacks use a base wordlist containing frequently used passwords to try and login to a user account.
Rainbow table attack. In a rainbow table attack, a cyberattacker tries to use a rainbow hash table to crack the passwords stored in a database. A rainbow table is a hash function used in cryptography for storing important data, such as passwords, in a database. Sensitive data are hashed at least twice with the same or with different keys in order to avoid rainbow table attacks.
Eavesdropping. Password eavesdropping can be inadvertent or intentional, and voice-based or digital. This means that a password could be heard over a call with tech support, or it might be acquired through digital means, such as key presses transmitted over the air via Bluetooth.
Shoulder surfing. A cyberattacker or insider may acquire passwords by observing key presses by physically observing or with the assistance of electronic devices, such as cameras.
Spidering. In spidering attacks, cyberattackers familiarize themselves with their targets in order to obtain user credentials. This may involve obtaining training manuals to learn what types of platforms and security are being used or learning about the entity to try passwords that are related to their activities.
Traffic interception. Traffic interception involves cyberattackers using packet sniffing tools to capture and analyze any communication going on across the network. Through these sniffers, the cyberattackers are able to obtain password data.
Keylogging. Keylogging is a password cracking technique where a cyberattacker uses a program to track all of a user’s keystrokes on a computer, revealing their passwords.
Phishing. Phishing is a cyberattack where a user is tricked into revealing sensitive information, such as login credentials.