Password Cracking
Password cracking is the infamous practice of breaking into someone’s personal account that we commonly see on television and in movies. Once someone knows your account user name, specially designed programs are then put to work to determine your password.
“What?” you say, “That must take forever. I mean, there are millions of password possibilities! They’ll never figure mine out.” Well, in most cases that’s right and for that very reason password cracking is somewhat of a lost art (not that illegally breaking into someone’s account was every an art at all) and rarely practiced. Nonetheless, we must still be on the watch for password crackers; especially since computers are able to process data at a faster rate than ever before, hijacking programs can crack an average password in a relatively short period of time.
There are varying intensities of password cracking and ways to protect your accounts from being hijacked by password crackers.
- Level 1 – Guessing
- Like its name indicates, guessing consists of precisely that, guessing. Password crackers simply start guessing at the target account’s password and start off by trying common passwords and variations of the user name.
- Fortunately for us, guessing is only somewhat successful because it is easily preventable. Obviously, stray away from common passwords like admin or 123456. Also, avoid creating passwords that are related to you, such as your pet’s name, license plate number, or your street address. These are much easier to guess than a password of randomly arranged numbers, letters, and characters.
- Like its name indicates, guessing consists of precisely that, guessing. Password crackers simply start guessing at the target account’s password and start off by trying common passwords and variations of the user name.
- Level 2 – Dictionary Attacks
- Dictionary attacks are where specially developed programs go through the entire dictionary and try to determine someone’s password by attempting to login with each and every single word. Dictionary attackers are often successful as many users fail to develop complex passwords and prefer to create passwords that are actual words.
- Dictionary attacks are also very easy to prevent; simply don’t use actual words when creating your passwords.
- Dictionary attacks are where specially developed programs go through the entire dictionary and try to determine someone’s password by attempting to login with each and every single word. Dictionary attackers are often successful as many users fail to develop complex passwords and prefer to create passwords that are actual words.
- Level 3 – Brute Force
- In theory, brute force attacks are always successful because they will attempt to login with every possible password that can be created. Now, you and I both know that there are thousands, if not millions of possible passwords, so it will take a brute force attacker a long time to try them all.
- There is really nothing one can do to prevent a brute force attacker who is determined to crack your password. However, you can pray they will give up before successfully logging into your account. By making your password as long as possible and incorporating characters into your passwords, you are essentially lengthening the amount of time it’ll take to crack your password and therefore increasing the possibility that the attacker will throw in the towel.
- In theory, brute force attacks are always successful because they will attempt to login with every possible password that can be created. Now, you and I both know that there are thousands, if not millions of possible passwords, so it will take a brute force attacker a long time to try them all.
Like stated above, the best way to avoid password cracking is to develop a password that meets the following criteria:
- Contains letters, numbers, and characters
- Does not resemble a word or phrase
- Contains no fragments of the password holder’s identity
- More 8 characters in length
To further protect yourself against password cracking, keep your user name secret and do not permit others to watch you log into your private accounts. And, last but not least, it’s advisable to change your password at least once every two weeks, if not more frequently.
The PCMech.com weekly newsletter has been running strong for over 8 years. Sign up to get tech news, updates and exclusive content - right in your inbox. Also get (several) free gifts.
