When it comes to password hygiene, many of us are still ignoring the basics. It’s estimated that 10 percent of internet users use at least one of the 25 most popular passwords, and 3 percent use the very worst one: ‘123456’. The whole point of a password is to put a barrier between an attacker and the network, system, device, program or account you want to protect. The more obvious the password, the weaker that barrier.

Beware of brute-force attacks

When it comes to system infiltration, you are not simply dealing with an intruder manually typing in different password guesses. You are far more likely to encounter a brute-force attack, in which the attacker uses a cracking tool to work through combinations of usernames and passwords automatically until one of them succeeds.

There are several common flavours of brute-force attack, all of which are made a lot easier when a password like the ones above is in use:

  • Dictionary attack. The attacker works through a long list of likely passwords and tries each one against a target account. The list can be narrowed substantially by making assumptions about the kind of user being targeted (their language, employer, interests and so on).
  • Credential recycling (also called credential stuffing). The attacker takes usernames and passwords exposed in other breaches and replays them against a fresh target. It often works because so many of us reuse the same login details across multiple accounts.
  • Reverse brute-force attack (also called password spraying). Suppose the attacker wants to infiltrate a large company. Rather than hammering a single account, they bet that at least a few of the many users on the network will be lazy enough to have something like ‘123456’ as their password. Drawing usernames from sources such as LinkedIn, they try that one popular password against each account in turn, which also keeps them under any per-account lockout threshold.
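To make the three flavours concrete, here is an added, runnable Python sketch (example code written for this page, not taken from any product or the article’s author). It builds a small constructed user store with salted PBKDF2 hashes, puts a login endpoint with a five-failure lockout in front of it, and then runs a dictionary attack, a credential-recycling replay and a reverse brute-force sweep against it. The user names, passwords, wordlist and “leaked” dump are all made up for the demo; the point is to show why the vertical dictionary attack trips the lockout while the horizontal spray does not.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample user base for the demo (not real credentials).
USERS = {
    "alice": "correct horse battery staple",
    "bob": "123456",
    "carol": "Summer2023!",
    "dave": "password",
    "erin": "qwerty",
}

# Constructed wordlist standing in for a "top passwords" dictionary.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein",
                    "abc123", "monkey", "dragon", "Summer2023!"]

# Constructed dump from some other site's breach (assumed to be in the attacker's hands).
LEAKED = {
    "alice": "correct horse battery staple",  # reused on this site too
    "bob": "hunter2",                         # different password here
    "mallory": "letmein",                     # no such account here
}


def _hash(password: str, salt: bytes) -> bytes:
    # Iteration count kept low so the demo runs fast; use far more in production.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)


def make_store(creds):
    """Store a random salt and the PBKDF2 hash per user, never the plaintext."""
    store = {}
    for user, password in creds.items():
        salt = os.urandom(16)
        store[user] = (salt, _hash(password, salt))
    return store


class AuthService:
    """Login endpoint that locks an account after `threshold` consecutive failures."""

    def __init__(self, store, threshold=5):
        self.store = store
        self.threshold = threshold
        self.failures = defaultdict(int)
        self.locked = set()

    def login(self, user, password):
        # Unknown user, locked user and wrong password all look the same to the caller,
        # so the endpoint does not leak which usernames exist.
        if user not in self.store or user in self.locked:
            return False
        salt, digest = self.store[user]
        if hmac.compare_digest(_hash(password, salt), digest):
            self.failures[user] = 0
            return True
        self.failures[user] += 1
        if self.failures[user] >= self.threshold:
            self.locked.add(user)
        return False


def dictionary_attack(svc, user, wordlist):
    """Vertical: many candidate passwords against one account."""
    for pw in wordlist:
        if svc.login(user, pw):
            return pw
    return None


def credential_recycling(svc, leaked):
    """Replay username/password pairs lifted from another site's breach."""
    return {u: p for u, p in leaked.items() if svc.login(u, p)}


def reverse_brute_force(svc, usernames, password):
    """Horizontal (password spraying): one weak password across many accounts."""
    return [u for u in usernames if svc.login(u, password)]


def run_demo():
    """Run each flavour against a fresh service and return what it achieved."""
    store = make_store(USERS)

    # Dictionary attack on carol: her password is 8th in the list, but the
    # account locks after 5 wrong guesses, so the attacker never reaches it.
    svc1 = AuthService(store)
    carol = dictionary_attack(svc1, "carol", COMMON_PASSWORDS)

    # Dictionary attack on dave: "password" is guess number 2, inside the threshold.
    svc2 = AuthService(store)
    dave = dictionary_attack(svc2, "dave", COMMON_PASSWORDS)

    # Credential recycling: only the account whose password was reused falls.
    svc3 = AuthService(store)
    recycled = credential_recycling(svc3, LEAKED)

    # Reverse brute force: one guess per account, so no account ever locks.
    svc4 = AuthService(store)
    sprayed = reverse_brute_force(svc4, list(USERS), "123456")

    return {
        "carol_cracked": carol,
        "carol_locked": "carol" in svc1.locked,
        "dave_cracked": dave,
        "recycled": recycled,
        "sprayed": sprayed,
        "spray_lockouts": len(svc4.locked),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Per-account lockout stops the dictionary attack on carol cold and does nothing against the spray, which is why detection for reverse brute force has to look across accounts (many users, one password, short time window) rather than at failure counts per user.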