How many action movies have you seen where a young outcast “hacks” into the computer of the bad guy with just a few commands and a smirk on his face? Many, right? Do you want to know how to crack even the hardest password?
Let’s see the most popular password-hacking techniques and what you can do to be protected.
What is a Brute force attack?
Brute force attacks are a family of methods in which the attacker keeps submitting password guesses until one works. At its most basic this means manual tries such as user “admin” and password “1234”. The basic brute force attack is very inefficient, but against an airport Wi-Fi network or a coffee shop one, you might have a good chance.
What is a Dictionary attack?
The criminal can be more sophisticated and use software that automatically tries different combinations of usernames and passwords.
Dictionary attacks are a type of Brute force attack. In this case, the hacker has a dictionary, a large list of possible usernames and passwords, and tries them all out. The list can comprise the most common combinations on the internet, additional data gathered about the target, and more. This attack takes time, but it is not complicated and often gives results.
What is a Mask attack?
The Mask attack is another method similar to the Dictionary attack, where the attacker tries combinations of usernames and passwords. The difference is that a mask reduces the number of tries, based on information the hacker has already obtained: which characters the password contains, how many characters it has, whether it includes numbers, and so on. Because of this focused scope, far fewer attempts are needed, so the attack is much faster.
How to protect yourselves from Brute force attacks?
- Use 2-factor verification.
- Hide your admin panel. There is no need to have a public link to the admin panel.
- Limit the login attempts. If the system doesn’t allow more than 5 errors, the hacker must be extremely lucky to guess the password correctly.
- Don’t use basic passwords.
- Stop recycling your passwords.
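As an added example of the login-attempt limit from the list above (my own code, not code from the original article): a per-username failed-attempt counter that locks the account for a while once MAX_FAILURES wrong passwords have been entered. The credential store, the 15-minute lockout window and the usernames are constructed for the demo; a real system would store salted hashes rather than plaintext passwords.

```python
import hmac
import time
from collections import defaultdict

MAX_FAILURES = 5           # mirrors the "no more than 5 errors" rule in the article
LOCKOUT_SECONDS = 15 * 60  # hypothetical lockout window


class LoginGuard:
    """Per-username failed-attempt counter with a temporary lockout."""

    def __init__(self, credentials, clock=time.time):
        # credentials: constructed {username: password} store for the demo;
        # a real system stores salted hashes, never plaintext passwords.
        self._credentials = credentials
        self._clock = clock  # injectable clock so the lockout can be tested
        self._failures = defaultdict(int)
        self._locked_until = {}

    def is_locked(self, username):
        until = self._locked_until.get(username)
        if until is None:
            return False
        if self._clock() >= until:
            # lockout expired: clear state so the user can try again
            del self._locked_until[username]
            self._failures[username] = 0
            return False
        return True

    def attempt(self, username, password):
        """Return 'ok', 'denied' or 'locked'."""
        if self.is_locked(username):
            return "locked"
        expected = self._credentials.get(username, "")
        # compare_digest keeps the timing independent of where the strings differ
        if username in self._credentials and hmac.compare_digest(expected, password):
            self._failures[username] = 0
            return "ok"
        # unknown users are counted too, so the response does not reveal which names exist
        self._failures[username] += 1
        if self._failures[username] >= MAX_FAILURES:
            self._locked_until[username] = self._clock() + LOCKOUT_SECONDS
        return "denied"


def demo():
    """Five wrong guesses lock the account; the right password is refused until the lockout expires."""
    now = [1_000_000.0]  # fake clock, advanced by hand
    guard = LoginGuard({"admin": "correct horse battery staple"}, clock=lambda: now[0])
    results = [guard.attempt("admin", "1234") for _ in range(MAX_FAILURES)]
    results.append(guard.attempt("admin", "correct horse battery staple"))  # correct, but locked
    now[0] += LOCKOUT_SECONDS
    results.append(guard.attempt("admin", "correct horse battery staple"))  # lockout expired
    return results


if __name__ == "__main__":
    print(demo())
```

The lockout is keyed by username here; production systems usually also track failures per source address and alert on accounts that are repeatedly locked, since a lockout storm is itself a useful detection signal.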
What is a Rainbow table attack?
A Rainbow table attack targets the so-called rainbow hash tables, which contain encrypted username and password combinations stored in a database system.
The data in the database is encrypted, but the cyber-criminals use scripts to decipher the encryption and recover the real table values.
The problem is that by observing how the Rainbow table was produced, they can spot the patterns in it.
Despite the pretty name, this password attack is very nasty.
How to protect yourselves from a Rainbow table attack?
- Protect your server so the hackers can’t get to the Rainbow table in the first place.
- During encryption, use an algorithm that adds as much random information as possible.
- Do not reuse a password, because reuse makes the pattern easier to crack.
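An added example (not code from the original article) of what “adding random information” looks like in practice: a fresh random salt for every password, mixed into a slow key-derivation function (PBKDF2). The demo shows that two users who chose the same password get identical unsalted hashes, which is exactly the pattern an attacker can spot, but different salted ones. The iteration count and the sample password are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # hypothetical work factor; raise it as hardware gets faster


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh 16-byte random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, digest):
    """Recompute the digest with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def unsalted_hash(password):
    """Plain SHA-256, shown only to contrast with the salted version above."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def demo():
    shared = "Summer2024!"  # constructed: two users happened to choose the same password
    # Without a salt the two stored values are identical, so one precomputed
    # table entry cracks both accounts at once.
    unsalted_identical = unsalted_hash(shared) == unsalted_hash(shared)
    # With per-user salts the stored values differ and a precomputed table is useless.
    salt_a, digest_a = hash_password(shared)
    salt_b, digest_b = hash_password(shared)
    return {
        "unsalted_identical": unsalted_identical,
        "salted_identical": digest_a == digest_b,
        "verify_correct": verify_password(shared, salt_a, digest_a),
        "verify_wrong": verify_password("summer2024!", salt_a, digest_a),
    }


if __name__ == "__main__":
    print(demo())
```

Store the salt next to the digest; it is not a secret. Its job is only to make every stored value unique so that no table computed in advance matches it.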
What are the network tools for stealing passwords?
There are different network tools that can intercept passwords on the network. This can happen when passwords are used on an unsecured network, such as an unprotected coffee shop Wi-Fi network. The password you type there may travel as plain text and can be stolen incredibly easily.
To perform such an attack, the hacker needs access to the network and/or directly to the router. In many cases the networks are too weak anyway, and those that have some protection can still be infected with malicious software, which leads to similar results.
How to protect yourselves from this threat?
- Encrypt the traffic, so even if an attacker intercepts a transmission, he or she would need the key to read it.
- As a user on a network, tunnel your traffic using a VPN. It will do the encryption for you and you will have safe access.
What is the spidering technique for stealing passwords?
The spidering technique for stealing passwords uses many bots that crawl the internet, websites and social media alike, to find all kinds of information that can be used in a later attack. Just as Google sees everything, there are bad crawlers too, constantly searching for your information. They collect anything they can relate to the target and build lists for Brute force attacks or Social engineering attacks.
How to protect yourselves from the spidering technique and bad crawlers?
- Keep all your profiles private and don’t share work-related information.
- Sites like LinkedIn are meant to be public, but you can limit the data you show.
What is a social engineering attack?
There is a spy among us! The trick of the social engineering technique is to make the victim believe that the criminal is actually part of the team. Such an attack needs serious preparation: sending different emails to different people inside the company and gathering general information, brand identifiers, and protocols. The attacker later uses all this knowledge to impersonate a real employee. Often the attacker will contact the internal IT team and ask for his or her “forgotten password”. If the part is played well enough, the attempt can succeed.
How to prevent social engineering attacks?
- To prevent social engineering attacks, first educate your team on the topic: what it is and what danger it poses to the company.
- Make sure that all the safety protocols are in use and nobody makes exceptions for a “friend”.
- Use multi-factor verification, so the password is not the only key needed.
- Don’t let information be public if it is not needed to be public. The criminals can use any information that they deem useful.
What is a phishing attack?
One of the most common ways cyber-criminals get your password is by making you hand it over directly. Phishing attacks hide behind normal-looking emails, messages from your social media contacts, or random “you’ve won the lottery” banners. The victim clicks the link and is redirected to another site, where they are asked to enter information such as passwords, bank details, and private data.
Victims fall for it because they believe they have been contacted by a legitimate, authorized source.
Another variation of a phishing attack installs malicious code when the victim clicks on a particular link. The link can be anything from a link in an email to a cute gif with a puppy.
How to protect yourselves from phishing attacks?
- If you see an email that looks a bit stranger than the rest, beware.
- Take a look at the “Sender” of the email. Make sure it matches the domain name.
- If the link is from a site you know, it’s better to enter the site directly and verify the information in the email/message there.
- If you get a strange message from one of your contacts, call them first.
- Use a separate computer for your work and don’t use that device for anything else. One mistake could lead to a big problem.
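An added example (not part of the original article) that automates two of the checks above: comparing the sender’s domain with an allow-list and with the Reply-To header, and comparing the host a link displays with the host it actually points to. Both e-mails and the trusted-domain list are constructed for the demo; nothing here is a real capture.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed suspicious message: look-alike sender domain, foreign Reply-To,
# and a link whose visible text names a different host than its target.
SAMPLE_EMAIL = """\
From: "Acme Bank Support" <support@acme-bank-secure-login.example>
Reply-To: collect@mailbox-hosting.example
To: employee@example.com
Subject: Your account is suspended
Content-Type: text/html

<p>Dear customer, verify your account now:</p>
<a href="http://acme-bank.example.evil-host.example/verify">https://www.acme-bank.example/login</a>
"""

# Constructed benign message from the genuine domain, for comparison.
CLEAN_EMAIL = """\
From: "Acme Bank" <alerts@acme-bank.example>
To: employee@example.com
Subject: Statement ready
Content-Type: text/html

<p>Your statement is ready.</p>
<a href="https://www.acme-bank.example/statements">https://www.acme-bank.example/statements</a>
"""

# Hypothetical allow-list of sender domains the organisation actually deals with.
TRUSTED_DOMAINS = {"acme-bank.example"}

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)


def domain_of(address_header):
    """Domain part of the real address, ignoring the display name."""
    return parseaddr(address_header)[1].rpartition("@")[2].lower()


def analyse(raw_message):
    """Return a list of findings; an empty list means nothing suspicious was seen."""
    msg = message_from_string(raw_message)
    findings = []
    from_domain = domain_of(msg.get("From", ""))
    reply_domain = domain_of(msg["Reply-To"]) if msg.get("Reply-To") else from_domain
    if from_domain not in TRUSTED_DOMAINS:
        findings.append(f"sender domain {from_domain!r} is not a known domain")
    if reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}")
    body = msg.get_payload()  # single-part message, so this is the HTML body as a string
    for href, text in LINK_RE.findall(body):
        target = urlparse(href)
        shown = urlparse(text.strip())
        if shown.hostname and target.hostname != shown.hostname:
            findings.append(f"link text shows {shown.hostname!r} but points to {target.hostname!r}")
        if target.scheme == "http":
            findings.append(f"link to {target.hostname!r} is not https")
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print("suspicious:", finding)
    print("clean message findings:", analyse(CLEAN_EMAIL))
```

The domain comparison is deliberately exact: “acme-bank-secure-login.example” is not “acme-bank.example”, which is the whole trick behind look-alike sender addresses.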
What is a Shoulder surfing attack?
The Shoulder surfing attack is a simple one: a person near us peeks over our shoulder to see our login credentials. They can write them down and use them later to enter the system. It sounds ridiculous, but many employees log in to the company’s system from a public place without taking any additional measures. The criminal is not necessarily a hacker in this case. Just a regular passerby.
How to protect yourselves from shoulder surfing attacks?
- Do not log in from public places or when other people are close by.
- Cover your device when inputting your credentials, just like with ATMs.
How to create a great password for your account?
Create your password following these rules:
- Create long passwords. The longer, the better.
- Use uppercase and lowercase letters, symbols, and numbers.
- Change the passwords often, even if you don’t think they have been exposed anywhere.
- Don’t use the same combinations on usernames and passwords for different sites.
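An added example (my own code, not from the article) of a password policy that enforces the rules above at the moment a password is set: minimum length, mixed character classes, no well-known passwords, no username inside the password, and no reuse of an earlier password. The length threshold, the common-password list and the sample passwords are assumptions for the demo.

```python
import hashlib
import re

MIN_LENGTH = 12  # hypothetical policy minimum; the article says "the longer, the better"
# Constructed short list; a real deployment loads a large breached-password list.
COMMON_PASSWORDS = {"1234", "password", "qwerty", "123456", "admin", "letmein"}


def character_classes(password):
    """Which of the four character classes the password contains."""
    return {
        "lowercase": bool(re.search(r"[a-z]", password)),
        "uppercase": bool(re.search(r"[A-Z]", password)),
        "digit": bool(re.search(r"[0-9]", password)),
        "symbol": bool(re.search(r"[^A-Za-z0-9]", password)),
    }


def fingerprint(password):
    """Hash used only to recognise a previously used password in this demo.
    A real system would verify the candidate against the stored salted hashes
    of old passwords instead of keeping unsalted fingerprints around."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password(password, username="", previous_fingerprints=()):
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    missing = [name for name, present in character_classes(password).items() if not present]
    if missing:
        problems.append("missing " + ", ".join(missing))
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    if fingerprint(password) in previous_fingerprints:
        problems.append("reused from an earlier password")
    return problems


def demo():
    history = {fingerprint("Winter-Is-Coming-2023")}  # constructed: the user's previous password
    return {
        "weak": check_password("1234", "admin"),
        "reused": check_password("Winter-Is-Coming-2023", "alice", history),
        "strong": check_password("correct-Horse-battery-staple-9", "alice", history),
    }


if __name__ == "__main__":
    for label, problems in demo().items():
        print(label, "->", problems or "accepted")
```

Reporting every violation at once, rather than stopping at the first, lets the user fix the password in one go instead of discovering the rules one rejection at a time.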
If you want to know more about how to choose a password, we have a great article for you: “The Ultimate Cheat Sheet On Perfect Passwords”.
Try to avoid the common mistakes in this list, be vigilant about strange behavior from your colleagues, and, first of all, have a strong password with symbols, lowercase, and capital letters.
It is hard to stay safe, but we all have to do our best, because a backdoor caused by us might expose our company’s information, all its employees and clients, to many threats.
Attacks can affect our personal and professional lives. If you want to be well protected and not have to think about some of these problems yourself, you can use the services of a data center: