
Understanding How a Password is Cracked


If you were to ask us what one of the most important cybersecurity features to have is, chances are, we’d answer “secure passwords.” Sure, this might be the answer that you’d hear from everyone, but that’s because it is really that important. For our tip, we’ll illustrate how it’s so important by examining a few key processes hackers use to crack a password.

How Your Passwords Are Stored
When you input a password into a program or a website, it needs to be referenced against some record to ensure that it is the correct credential. That record contains your password in a mathematically-based scrambled form known as a hash.

Using a hash means that the password isn’t as easy for a hacker to intercept. However, this does not mean that an attacker is left without options.

How a Hacker Can Use the Hash
Unfortunately, there are a few ways that a hacker can still work to crack your password. For instance, online attacks are typically carried out with the help of social engineering or phishing: the hacker deduces the more likely passwords before attempting any, so as not to inadvertently lock down the account.

There are also offline attacks where the hacker simply takes the hash and brings a copy offline to work at as they are able. These attacks are relatively effective against intercepted documents with password protections, although they are still far from easy.

Other Efforts a Hacker Makes
In order to effectively conduct an offline attack, the hacker may ultimately need to try out multiple passwords - numbers that can approach the millions and billions. However, hackers also have a few means to narrow down the possibilities, enabling them to greatly decrease the time it takes to crack the targeted account.

Dictionary Attacks
Many hackers have their own dictionaries of common passwords to test out, with entries like “admin,” “12345,” and the old classic, “password.” Of course, their resources could contain millions of potential passwords and they usually utilize the computing power necessary to review them much faster than any human could unaided.

Character Set Attacks
If a password doesn’t appear in a hacker’s dictionary, they can instead utilize programs that enable them to cross-reference certain rules to identify a password’s contents. For instance, if they had the necessary information, a hacker could specify how many characters are in a password, whether any letters are capitalized or lowercase, and many more specific details. This enables passwords to be cracked much more efficiently.

Brute Force Attacks
When a gentler touch fails them, a hacker can resort to performing a brute force attack on your password. These attacks try any combination of characters possible, until they either stumble upon the correct combination or simply overwhelm a system.
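The three approaches above can be turned into a check a defender runs when a user chooses a password. This is an added example, not part of the original post; the guess rate, the 64-bit threshold and the function names are assumptions for illustration, and the denylist holds only the three entries the article names.

```python
import math
import string

# The three entries the article names; a real denylist holds millions.
COMMON_PASSWORDS = {"admin", "12345", "password"}
GUESSES_PER_SECOND = 10**9  # assumed offline guess rate, for illustration only
SECONDS_PER_YEAR = 31_557_600

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password: str) -> int:
    """Size of the smallest standard character set that covers the password."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four classes (spaces, non-ASCII) are counted one by one.
    size += len({c for c in password if not any(c in cls for cls in CLASSES)})
    return size


def audit(password: str) -> dict:
    """Report how the password fares against each approach in the article."""
    in_dictionary = password.lower() in COMMON_PASSWORDS
    # Brute force over a known character set and length: charset ** length tries.
    space = charset_size(password) ** len(password)
    return {
        "in_dictionary": in_dictionary,
        "charset_size": charset_size(password),
        "search_space": space,
        "bits": round(math.log2(space), 1) if space > 1 else 0.0,
        "worst_case_years": space // (GUESSES_PER_SECOND * SECONDS_PER_YEAR),
        # Hypothetical policy: reject dictionary words and small search spaces.
        "acceptable": not in_dictionary and space >= 2**64,
    }


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("password", "abcd", "Tr0ub4dor&3"):
        print(pw, audit(pw))
```

The search-space figure assumes the attacker already knows the length and character classes, as in the character set attack described above, so it is an upper bound on the work a dictionary-free guesser faces.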

As you can see, there are plenty of ways that a password can be cracked, which is precisely why we encourage users to never use the same password twice, regularly change their passwords, and utilize 2-factor authentication whenever possible. This will ensure that even if your password gets stolen, there is a lower chance of it being used against you.

To learn more about your cybersecurity, give Haber Group a call at 866.625.3560 today!

Monday, March 25 2019