Understanding How a Password is Cracked

If you were to ask us what one of the most important cybersecurity features to have is, chances are, we’d answer “secure passwords.” Sure, this might be the answer that you’d hear from everyone, but that’s because it is really that important. For our tip, we’ll illustrate how it’s so important by examining a few key processes hackers use to crack a password.

How Your Passwords Are Stored
When you input a password into a program or a website, it needs to be referenced against some record to ensure that it is the correct credential. That record contains your password in a mathematically-based scrambled form known as a hash.

Using a hash means that the password isn’t as easy for a hacker to intercept. However, this is not to say that an attacker has no options to leverage.
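The stored record described above, as an added example (not code from the original article). The article names no algorithm; the salted PBKDF2-HMAC-SHA256 scheme, the iteration count and the record layout used here are this example's assumptions.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example; the article names no algorithm.
ALGORITHM = "sha256"
ITERATIONS = 600_000   # deliberately slow, so every offline guess costs time
SALT_BYTES = 16        # random per record, so equal passwords hash differently


def make_record(password: str, iterations: int = ITERATIONS) -> str:
    """Return the string a site would store instead of the password."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Re-derive the hash from a login attempt and compare in constant time."""
    try:
        scheme, iterations, salt_hex, digest_hex = record.split("$")
        if scheme != f"pbkdf2_{ALGORITHM}":
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.pbkdf2_hmac(
            ALGORITHM, password.encode("utf-8"), salt, int(iterations)
        )
    except (ValueError, OverflowError):
        return False  # malformed record: fail closed
    return hmac.compare_digest(candidate, expected)
```

Because the salt is random, two users with the same password get different records, so one precomputed list of hashes cannot be matched against every account at once.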

How a Hacker Can Use the Hash
Unfortunately, there are a few ways that a hacker can still work to crack your password. For instance, online attacks are typically carried out with the assistance of social engineering or phishing efforts, with the hacker deducing the more likely passwords before attempting any, so that they don’t inadvertently lock down the account.

There are also offline attacks where the hacker simply takes the hash and brings a copy offline to work at as they are able. These attacks are relatively effective against intercepted documents with password protections, although they are still far from easy.

Other Efforts a Hacker Makes
In order to effectively conduct an offline attack, the hacker may ultimately need to try out a great many passwords, with numbers that can approach the millions and billions. However, hackers also have a few means to narrow down the possibilities, enabling them to greatly decrease the time it takes to crack the targeted account.

Dictionary Attacks
Many hackers have their own dictionaries of common passwords to test out, with entries like “admin,” “12345,” and the old classic, “password.” Of course, their resources could contain millions of potential passwords and they usually utilize the computing power necessary to review them much faster than any human could unaided.

Character Set Attacks
If a password doesn’t appear in a hacker’s dictionary, they can instead utilize programs that enable them to cross-reference certain rules to identify a password’s contents. For instance, if they had the necessary information, a hacker could specify that a certain number of characters are in a password, whether any letters are capitalized or lowercase, and many more specific details. This enables passwords to be cracked much more efficiently.

Brute Force Attacks
When a gentler touch fails them, a hacker can resort to performing a brute force attack on your password. These attacks try any combination of characters possible, until they either stumble upon the correct combination or simply overwhelm a system.
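To put numbers on the three approaches above, here is an added example (not from the original article) of a check a defender could run on a candidate password. The three-entry denylist is constructed from the article's own examples, and the 94-character printable ASCII alphabet and all function names are assumptions of this example.

```python
import string

# Constructed sample denylist; a real one would hold millions of entries.
COMMON_PASSWORDS = {"admin", "12345", "password"}

# Character classes that a rule-based guess can be restricted to per position.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
FULL_ALPHABET = sum(len(chars) for chars in CLASSES.values())  # 94 characters


def char_class(ch: str) -> str:
    """Name the class a character belongs to."""
    for name, chars in CLASSES.items():
        if ch in chars:
            return name
    raise ValueError(f"character outside the modelled alphabet: {ch!r}")


def guesses_brute_force(length: int) -> int:
    """Worst-case guesses when only the length is known."""
    return FULL_ALPHABET ** length


def guesses_with_known_pattern(password: str) -> int:
    """Worst-case guesses when the class of every position is known."""
    total = 1
    for ch in password:
        total *= len(CLASSES[char_class(ch)])
    return total


def audit(password: str) -> dict:
    """Summarise exposure to the three guessing strategies in the article."""
    return {
        "in_dictionary": password.lower() in COMMON_PASSWORDS,
        "pattern_guesses": guesses_with_known_pattern(password),
        "brute_force_guesses": guesses_brute_force(len(password)),
    }
```

A password that follows a predictable shape, such as one capital, some lowercase letters and two digits, gives up most of its search space once that shape is known, which is why length and randomness matter more than meeting a complexity rule.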

As you can see, there are plenty of ways that a password can be cracked, which is precisely why we encourage users to never use the same password twice, regularly change their passwords, and utilize 2-factor authentication whenever possible. This will ensure that even if your password gets stolen, there is a lower chance of it being used against you.

To learn more about your cybersecurity, reach out to us. Give Haber Group a call at 866.625.3560 today!
