A password is a private and confidential piece of data. It has the ability to protect sensitive personal and business information. Because of this, attackers continuously target passwords in hopes of gaining access to data.
Let’s take a look at a few techniques most commonly used among attackers.
Brute Force
Brute force involves using an automated program that can guess passwords very quickly. This program may use several different techniques, including:
– Using a dictionary of common words.
– Using a list of the most common passwords.
– Attempting combinations of letters and numbers when the other techniques fail.
Guessing Game
Since account lockouts are generally tracked for each account separately, a variation of this technique is to guess the most common passwords against a list of accounts to avoid triggering the account lockout safety mechanism.
Research has shown that some of the passwords most commonly used on the Internet include “12345”, “123456”, “12345678”, “password”, and “iloveyou”.
Passwords comprised of simple words, names, places, numbers, and even combinations (such as ‘abc123’) are trivial to guess.
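The lockout-avoiding variation described above can be caught by counting failed logins per source across accounts rather than per account. The following is an added example, not part of the original post: detection logic run over a constructed log, where the log format, thresholds and function names are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5           # assumed: failures on one account that trigger lockout
SPRAY_ACCOUNTS = 4              # assumed: distinct failed accounts per source worth an alert
WINDOW = timedelta(minutes=30)  # assumed sliding window for both checks

def parse(line):
    """Parse 'ISO-timestamp source account OK|FAIL' (constructed log format)."""
    ts, source, account, result = line.split()
    return datetime.fromisoformat(ts), source, account, result == "OK"

def failures_in_window(events, key_index):
    """Group failed logins by event[key_index]; yield (key, failures in each sliding window)."""
    grouped = defaultdict(list)
    for ev in sorted(events):
        if not ev[3]:
            grouped[ev[key_index]].append(ev)
    for key, evs in grouped.items():
        for i, first in enumerate(evs):
            yield key, [e for e in evs[i:] if e[0] - first[0] <= WINDOW]

def locked_accounts(events):
    """Accounts a per-account lockout counter would catch."""
    return {acct for acct, win in failures_in_window(events, 2)
            if len(win) >= LOCKOUT_THRESHOLD}

def spray_sources(events):
    """Sources that failed against many distinct accounts within one window."""
    return {src for src, win in failures_in_window(events, 1)
            if len({e[2] for e in win}) >= SPRAY_ACCOUNTS}

# Constructed sample log (documentation IP ranges, made-up account names)
LOG = """\
2024-05-01T09:00:00 198.51.100.7 alice FAIL
2024-05-01T09:03:00 198.51.100.7 bob FAIL
2024-05-01T09:06:00 198.51.100.7 carol FAIL
2024-05-01T09:09:00 198.51.100.7 dave FAIL
2024-05-01T09:10:00 192.0.2.10 frank FAIL
2024-05-01T09:10:30 192.0.2.10 frank OK
2024-05-01T09:20:00 203.0.113.9 gina FAIL
2024-05-01T09:20:10 203.0.113.9 gina FAIL
2024-05-01T09:20:20 203.0.113.9 gina FAIL
2024-05-01T09:20:30 203.0.113.9 gina FAIL
2024-05-01T09:20:40 203.0.113.9 gina FAIL
"""
EVENTS = [parse(line) for line in LOG.splitlines()]
```

On this sample the per-account counter only catches the repeated guesses against one account, while the per-source check flags the address that failed once against each of four accounts.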
Being Sneaky
One of the oldest and simplest methods for someone to get your password is to simply steal it by:
– Watching over your shoulder as you type it.
– Finding a sticky note hidden under the keyboard (or worse, right on the monitor!).
– Viewing it in a text file on the computer when you step away for a coffee break.
Believe it or not, hackers can get your password simply because, for whatever reason, you told it to them directly at some point.
Safelight’s employees are security experts who are also educators. The company combines real-world security skills with innovative adult learning methodologies, focusing on the best ways to teach information security to everyone in customers’ organizations.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.