ID #1142

How are passwords stolen?

Hackers have many tools, such as dictionary programs and sniffers, to assist them.

  • A hacker will launch a dictionary attack by passing every word in a dictionary (which can contain foreign languages as well as the entire English language) to a login program in the hope that it will eventually match the correct password.
  • A sniffer can read every keystroke sent out from your machine, including passwords.
  • Hackers even employ a password gathering technique called phishing.
  • Phishing is when a victim is instructed to enter a username and password into a website, usually under the guise of "your password may have been compromised."

A large portion of stolen passwords can be traced back to the users themselves.

  • They willingly share their passwords.
  • Users are too predictable in their choice of passwords.
  • Users choose a password that is too short or too easy to guess.
  • Passwords are about identity. We tend to reveal ourselves in our passwords.
  • We often choose the name or birth date of a loved one; we use our address, telephone number, or Social Security number; we use the name of a favorite artist, actor, or author.
  • Or we are wise enough to avoid any personal references but choose a word that is ridiculously short, a dictionary word, a name or word spelled backward, or an alphabet or keyboard sequence.
  • Just because we think a foreign word is obscure doesn't mean that it isn't in a dictionary somewhere.
  • The point is that all of these types of words are easily guessed, which makes the job of password cracking straightforward.
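
The weak choices listed above can be rejected when a password is set. The following checker is an added example, not part of the original entry; the function names, the tiny sample wordlist and the 12-character minimum are assumptions made for illustration.

```python
import re

# Constructed sample wordlist; a real deployment would load a large
# multilingual dictionary and a breached-password list instead.
SAMPLE_WORDS = {"password", "dragon", "sunshine", "bonjour", "geheim", "monkey"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
MIN_LENGTH = 12  # assumed policy value, not taken from the entry


def _is_sequence(text, run=4):
    """True if text contains `run` consecutive alphabet/keyboard characters."""
    for row in KEYBOARD_ROWS + (ALPHABET,):
        for seq in (row, row[::-1]):  # forward and backward runs
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in text:
                    return True
    return False


def weak_password_reasons(password, personal=()):
    """Return the list of reasons a candidate password is easy to guess."""
    reasons = []
    lowered = password.lower()
    # Strip leading/trailing digits and symbols so "Dragon1!" still matches "dragon".
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if core in SAMPLE_WORDS:
        reasons.append("dictionary word")
    elif core[::-1] in SAMPLE_WORDS:
        reasons.append("dictionary word spelled backward")
    if _is_sequence(lowered):
        reasons.append("alphabet or keyboard sequence")
    # Personal references (names, birth dates, phone numbers) supplied by the caller.
    digits = re.sub(r"\D", "", password)
    for item in personal:
        token = item.lower()
        token_digits = re.sub(r"\D", "", item)
        if len(token) >= 3 and token in lowered:
            reasons.append("contains personal detail")
            break
        if len(token_digits) >= 4 and token_digits in digits:
            reasons.append("contains personal detail")
            break
    return reasons
```

An empty list means none of these checks fired; it does not prove the password is strong, only that it avoids the patterns named in this entry.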
