Why are passwords targeted?
User credentials have always been very important in the world of information technology. A user login and a password give direct access to sensitive and confidential data. This is the very reason why password protection is used: to protect assets and prevent unauthorised access. Therefore, when it comes to cyber-attacks and network intrusion, the first point of entry that an attacker will try to bypass is the password.
Technology is getting better
Over the past decade, technology and computing power have increased exponentially, making faster and more sophisticated attacks possible. This is especially true of CPUs and GPUs: when the two are combined, an attacker can try thousands of password combinations within the span of a couple of seconds using automated tools. Such technological improvements make the chances of cracking a password much higher. To get an idea of how long it would take on average to crack your current password, visit the “How Secure Is My Password” website.
The different types of password attacks
The following list describes the most commonly used types of password-cracking attack. Note that some of these attacks are combined, depending on whether or not the target password is hashed.
- Brute force (trying thousands of random password combinations until the targeted password is retrieved)
- Rainbow tables (precomputed tables of cryptographic hash values that are used to look up the clear-text password behind a hashed password)
- Dictionary attack (trying passwords taken from a list of common words)
- Recon and Open Source Intelligence (gathering publicly available information about a “target”, such as nickname, age, date of birth, work, family, hobbies and any other relevant personal data that could give hints for guessing a password)
Best security practices to lower the chances of password attack
These days, implementing a password policy is essential to avoid attacks on user credentials, and several security best practices must be taken into account for effective IT governance.
First and foremost, use a different password for every system or piece of software. From a security standpoint, if a single password is used everywhere and it is compromised, every system becomes vulnerable. Using a different password for each one counters this.
A “strong password” depends on several variables. Given the recent increase in processor power, length is a key factor: a password now needs to be a minimum of 11 characters long. In addition, you should use upper- and lower-case letters, numbers and special characters; the more complex a password is, the lower the chances of cracking it.
Furthermore, passwords should be changed and updated on a regular basis. To avoid having to type them, passwords can be stored in what is called a “password safe”, from which they can be copied and pasted for easier login. To facilitate this process, several free online password safe tools are available that automatically generate a password with all the variables described previously.
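The Python example below is an addition to this article, not code from it or from any particular password safe. It checks a password against the policy described above (at least 11 characters, with upper-case, lower-case, digit and special characters), generates a compliant password from the operating system's secure random source, and reports the size of the brute-force search space in bits. The function names, the default length of 16 and the use of `string.punctuation` as the special-character set are assumptions.

```python
import math
import secrets
import string

MIN_LENGTH = 11  # minimum length stated in the article
# Character classes required by the policy; the "special" set is an assumption.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "special": string.punctuation,
}


def policy_failures(password):
    """Return the policy rules the password breaks (empty list = compliant)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append("length")
    for name, alphabet in CLASSES.items():
        if not any(ch in alphabet for ch in password):
            failures.append(name)
    return failures


def generate_password(length=16):
    """Generate a policy-compliant random password using the OS CSPRNG."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    # Rejection sampling: draw uniformly and retry until every class appears,
    # which avoids the positional bias of forcing one character per class.
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_failures(candidate):
            return candidate


def search_space_bits(length, alphabet_size=None):
    """Bits of brute-force search space for a uniformly random password."""
    if alphabet_size is None:
        alphabet_size = sum(len(a) for a in CLASSES.values())
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    pw = generate_password()
    print(pw, policy_failures(pw), round(search_space_bits(len(pw)), 1))
```

The bit count applies only to passwords drawn uniformly at random, as the generator does; a human-chosen password that passes the same checks can still fall to the dictionary and OSINT approaches listed earlier.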