Password Attacks

An attempt by a hacker to steal your password is known as a password attack. In 2020, compromised credentials were to blame for 81% of data breaches.

Types of Password Attacks

1. Phishing
2. Man-in-the-Middle Attack
3. Brute Force Attack
4. Dictionary Attack
5. Credential Stuffing
6. Keyloggers

1. Phishing

Phishing is when a hacker impersonating a reliable entity sends you a phoney email in the hopes that you will voluntarily divulge your personal information. In some cases, they take you to phoney "reset your password" screens, while in other cases, they download malicious software onto your device. The OneLogin blog features a number of examples.

Here are a few examples of phishing:

1. Regular phishing
2. Spear phishing
3. Smishing and vishing
4. Whaling

2. Man-in-the-Middle Attack

A man-in-the-middle (MitM) attack is when a hacker or compromised system sits in between two uncompromised people or systems and deciphers the information they're passing to each other, including passwords.

To help prevent man-in-the-middle attacks:

* Enable encryption on your router
* Use strong credentials and two-factor authentication
* Use a VPN

3. Brute Force Attack

If a password is like using a key to open a door, a brute force attack is like using a battering ram. When a hacker tries 2.18 trillion password/username combinations in 22 seconds, your account could be targeted if your password is weak.

To help prevent brute force attacks:

* Make your password complex. A mixed-case, mixed-character, 10-digit password is very different from an all-lowercase, all-alphabetic, six-digit password. A successful brute force attack becomes less likely as your password complexity rises.
* Set up and enable remote access. If your business employs remote access management, inquire with the IT department. The risk of a brute force attack will be reduced with an access management product like OneLogin.

4. Dictionary Attack

Dictionary attacks, a type of brute force attack, rely on our propensity to choose "basic" words as our passwords; the most popular of these words have been compiled by hackers into "cracking dictionaries." More complex dictionary attacks use terms that are significant to you personally, such as your birthplace, a child's name, or the name of a pet.

To help prevent a dictionary attack:

* Never use a word from a dictionary as your password. It should never be a component of your password if you've read it in a book.
* Consider employing a password management system if you must use a password rather than an access management solution.
* Consider purchasing a password manager. Complex passwords are automatically generated by password managers, reducing the risk of dictionary attacks.
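The password advice in the brute force and dictionary sections can be checked when a password is set. The following is an added example, not part of the original slides: it rejects passwords that contain a dictionary word or a personal term (even with character substitutions) and estimates the brute-force search space. The sample wordlist, the 60-bit threshold and the function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample list; a real check would load a large cracking dictionary.
SAMPLE_WORDLIST = {"password", "dragon", "monkey", "sunshine", "welcome", "letmein"}
MIN_BITS = 60  # assumed threshold, chosen for illustration only

# Undo common character substitutions so "p@ssw0rd" still matches "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def keyspace_bits(password):
    """Upper bound on brute-force work in bits: length * log2(alphabet size)."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0


def screen_password(password, personal_terms=(), wordlist=SAMPLE_WORDLIST):
    """Return the reasons a password is weak; an empty list means it passed."""
    reasons = []
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    # Dictionary words are rejected even as a component of a longer password.
    for word in sorted(wordlist):
        if word in normalized:
            reasons.append(f"contains dictionary word '{word}'")
    # Personal terms (birthplace, child's name, pet) are guessable too.
    for term in personal_terms:
        t = term.lower()
        if len(t) >= 3 and (t in lowered or t in normalized):
            reasons.append(f"contains personal term '{term}'")
    bits = keyspace_bits(password)
    if bits < MIN_BITS:
        reasons.append(f"search space only {bits:.0f} bits")
    return reasons


if __name__ == "__main__":
    for pw, terms in [("abcdef", []), ("P@ssw0rd2024", []),
                      ("R3x2019!", ["Rex"]), ("tQ7#vLp2&xZm", [])]:
        print(f"{pw!r}: {keyspace_bits(pw):.1f} bits, {screen_password(pw, terms) or 'ok'}")
```

The bit estimate is only an upper bound: "P@ssw0rd2024" scores well on character classes and length but is still rejected because a dictionary attack would find it quickly.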

5. Credential Stuffing

If you've ever experienced a breach, you are aware that your previous passwords were probably exposed and posted on a dubious website. Accounts that never updated their passwords after a breach are vulnerable to credential stuffing. Hackers will test different combinations of the victim's old usernames and passwords in the hopes that they were never changed.

To help prevent credential stuffing:

* Change your passwords frequently. A hacker is more likely to uncover a technique to breach a password the longer it remains uncracked.

6. Keyloggers

Malicious software called keyloggers records each keystroke and sends the information to a hacker. Typically, a user will download a programme thinking it is safe, only for it to secretly install a keylogger.

To protect yourself from keyloggers:

* Verify your physical equipment. A hardware keylogger can be installed on your workstation by someone who has access to it in order to record your keystrokes. Make sure you are familiar with all of the hardware by performing routine inspections of your computer and the environment around it.
* Run a virus check. Regularly scan your PC with a reliable antivirus programme. The most popular malware keyloggers are tracked by antivirus providers, who mark them as potentially harmful.