Hackers have many tools, such as dictionary programs and sniffers, to assist them.
- A hacker will launch a dictionary attack by passing every word in a dictionary (which can contain foreign languages as well as the entire English language) to a login program in the hope that one of them will eventually match the correct password.
- A sniffer can read every keystroke sent out from your machine, including passwords.
- Hackers even employ a password-gathering technique called phishing.
- Phishing is when a victim is instructed to enter a username and password into a website, usually under a pretext such as "your password may have been compromised."
A large portion of password thefts happen because of the users themselves.
- They willingly share their passwords.
- Users are too predictable in their choice of passwords.
- Users choose a password that is too short or too easy to guess.
- Passwords are about identity. We tend to reveal ourselves in our passwords.
- We often choose the name or birth date of a loved one; we use our address, telephone number, or Social Security number; we use the name of a favorite artist, actor, or author.
- Or we are wise enough to avoid any personal references but choose a word that is ridiculously short, a dictionary word, a name or word spelled backward, or an alphabet or keyboard sequence.
- Just because we think a foreign word is obscure doesn't mean that it isn't in a dictionary somewhere.
- The point is that all of these types of words are easily guessed, which makes the job of password cracking straightforward.
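
The weak choices listed above can be checked for when a user sets a password. The following is an added example, not part of the original page: the wordlist is a small constructed sample, and `MIN_LENGTH`, `weaknesses` and `is_sequence` are illustrative names and values assumed here.

```python
import re

# Constructed sample wordlist; a real check would load a large multilingual dictionary.
DICTIONARY = {"password", "dragon", "sunshine", "monkey", "bonjour", "geheim"}
# Keyboard rows plus the alphabet, used to spot sequences such as "qwer" or "dcba".
ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
        "abcdefghijklmnopqrstuvwxyz"]
MIN_LENGTH = 12  # assumed policy value, not taken from the article


def is_sequence(pw, run=4):
    """True if pw contains `run` adjacent characters of a row, forwards or backwards."""
    for row in ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in pw:
                    return True
    return False


def weaknesses(password, personal=()):
    """Return the reasons a password is easily guessed (empty list if none found).

    `personal` holds strings tied to the user: names, birth dates, phone numbers.
    """
    pw = password.lower()
    core = re.sub(r"[^a-z]", "", pw)  # drop digits/symbols: "dragon1!" -> "dragon"
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if pw in DICTIONARY or core in DICTIONARY:
        reasons.append("dictionary word")
    if pw[::-1] in DICTIONARY or core[::-1] in DICTIONARY:
        reasons.append("word spelled backward")
    if is_sequence(pw):
        reasons.append("alphabet or keyboard sequence")
    pw_digits = re.sub(r"\D", "", password)
    for item in personal:
        name = item.lower()
        digits = re.sub(r"\D", "", item)  # "1984-06-12" also matches "19840612"
        if (len(name) >= 3 and name in pw) or (len(digits) >= 4 and digits in pw_digits):
            reasons.append("personal reference")
            break
    return reasons
```

An empty result only means none of these specific patterns was found; it is not a measure of strength.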