Password Attacks

By Henry Bagdasarian

One of the reasons that password attacks are still among hackers' preferred methods for gaining access to accounts and systems is that systems are not designed to require strong passwords from their users. System requirements sometimes allow passwords that include dictionary words, which are easily cracked using some very basic tools, or passwords that follow a pattern such as "123456", which is also easily cracked. In addition, 55% of system users use the same password for accessing various online accounts. This is rather tragic because one cracked password can offer hackers multiple opportunities to gain access to important accounts.

A password, which is also known as a secret code, access code, or Personal Identification Number (PIN), is the tool that validates your identity as the account holder to various systems and organizations. Although we are slowly moving toward more complex means of authentication, such as biometric authentication, we still use secret codes to access and maintain our social media accounts, bank accounts, websites, and emails. Yet many people choose the wrong passwords and have their accounts taken over by criminals. Strong passwords may not fully prevent the theft of your identity, because your accounts can be taken over by other means; however, they will reduce your risk of account takeover.

As you know, there are tools on the market designed to crack passwords which, when combined with weak passwords, allow hackers to crack 50% of corporate passwords in a matter of minutes. According to a research study by Trustwave, which was compiled over a two-year period and analyzed around 620,000 passwords harvested during system penetration testing, half of the passwords were cracked within "the first few minutes", with 92 percent cracked within 31 days of intensive number crunching. Unfortunately, many system requirements allow passwords such as "Password1" or a baby's name capitalized followed by a year. Predictable keywords such as these are usually easily cracked.

You should consider passwords with 6 to 8 characters which include uppercase letters, lowercase letters, numbers, and special characters to make accounts more secure. It is even more important for system administrators to apply good password practices when setting up system requirements or accessing systems as admins, in order to protect their business systems. To mitigate password attacks and related risks, users and system administrators should use different passwords for different accounts, which reduces the risk that a cracked password is used to access other accounts.
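The sketch below is an added example, not part of the original article: a system-side password check that applies the character-class rule and also rejects the predictable shapes named above ("123456", "Password1", a capitalized name followed by a year). The function names and the small wordlist are constructed for illustration, and the minimum length of 6 follows the article's figure.

```python
import re

# Constructed sample wordlist (assumption): a real deployment would load a
# full dictionary plus a list of known-breached passwords.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin", "emma"}
# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("@4310$5!7", "aaeiossit")

def composition_ok(pw: str) -> bool:
    """Classic rule: minimum length plus all four character classes."""
    classes = (r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= 6 and all(re.search(c, pw) for c in classes)

def has_run(pw: str, n: int = 4) -> bool:
    """True if n consecutive characters ascend, descend or repeat."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - n + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + n - 1)}
        if steps in ({1}, {-1}, {0}):
            return True
    return False

def predictable_reasons(pw: str) -> list:
    """Return the reasons a password is guessable; empty list if none found."""
    reasons = []
    core = re.sub(r"[\d\W_]+$", "", pw)  # drop trailing digits and symbols
    if core.lower().translate(LEET) in COMMON_WORDS:
        reasons.append("dictionary word with suffix")
    if has_run(pw):
        reasons.append("sequential or repeated run")
    if re.fullmatch(r"[A-Z][a-z]+(19|20)\d{2}\W*", pw):
        reasons.append("capitalized word followed by a year")
    return reasons

def accept(pw: str) -> bool:
    """Policy decision: composition rule AND no predictable pattern."""
    return composition_ok(pw) and not predictable_reasons(pw)

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("123456", "Password1", "P@ssw0rd1!", "Emma2015!", "t7#Vq9!m"):
        print(f"{pw!r:14} accept={accept(pw)} {predictable_reasons(pw)}")
```

"P@ssw0rd1!" and "Emma2015!" satisfy every character-class requirement and are still rejected, which is why a composition rule on its own does not keep predictable passwords out.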
