Password Attacks
Some Background.
Restrictions are placed on access for almost all networks and
computers. These are usually done through a few methods
In this webpage we will focus on passwords and their vulnerabilities. There are three main types of attacks on passwords that we will cover.
We will also talk about some ways to reduce the effectiveness of these sorts of attacks.
Bio Based Attacks.
People often use biographical/personal information to identify themselves and/or create their passwords. We aren't going to get into much depth about usernames, but these are usually based on the actual name of the user and/or on email addresses, which are quite well known. That makes it all the more important to create passwords that are tougher for attackers to determine. Some of the classic things people use as passwords are
But all of these things can be relatively easy to guess for someone who gets to know much about the person whose accounts they are trying to attack. So while these sorts of passwords are generally easier for a user to remember, they are also somewhat easily figured out by attackers.
Some Bad Password Choices.
People often use passwords that are way too obvious. The following ever-expanding list gives some illustrations.
Dictionary Attacks.
People often use words or combinations of words that can be found in a dictionary. While there are a lot of words in human speech and in any particular language, they can be relatively easy to search through. They can be even easier to determine the more they can be connected with the user. These are generally not as easily guessed by an attacker as bio info. But think about how fast a spell and grammar checker operates on what you have written. This should give you some sense of how quickly an adept attacker can go through a dictionary, even to form contrived compound words.
Brute Force Attacks.
While brute force attacks rely on testing every possible combination of letters, numbers and characters that can be used in a password, they still might prove effective. Think of how many fewer combinations will need to be tried if the attacker can somehow determine the number of characters used in a password. Almost all passwords fall between four and sixteen characters. Obviously, it is easier to use brute force on shorter passwords. At the same time, it is my experience that many sites limit the number and types of characters that can be used in a password, which actually helps attackers at least somewhat.
Deterrence.
There are a number of things that users can do to make their passwords less attackable.
There are a number of things that administrators can do to make passwords less attackable
More will be added.
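An added example, not part of the original page: a Python check an administrator could run when a password is set, testing the candidate against the three attack types described above (bio based, dictionary including compound words, and brute force). The word list, the bio tokens, the 60-bit threshold and all function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample word list (an assumption; a real check would load a full dictionary).
SAMPLE_WORDS = {"sun", "shine", "flower", "dragon", "base", "ball", "pass", "word"}

def alphabet_size(password):
    """Number of symbols a brute-force search must cover for the classes used."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    total = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return max(2, total)  # floor of 2 so unclassified characters do not break log2

def keyspace(alphabet, min_len, max_len):
    """Candidates to try when only a length range is known (min_len == max_len if exact)."""
    return sum(alphabet ** n for n in range(min_len, max_len + 1))

def is_compound(word, dictionary):
    """True if word splits entirely into dictionary words (word-break DP)."""
    reachable = [True] + [False] * len(word)
    for end in range(1, len(word) + 1):
        reachable[end] = any(reachable[start] and word[start:end] in dictionary
                             for start in range(end))
    return reachable[-1]

def check_password(password, bio_tokens, dictionary=SAMPLE_WORDS, min_bits=60):
    """Return which of the three attack types the password is exposed to."""
    findings = []
    lowered = password.lower()
    # Bio based: a personal token (name, year, pet) appears inside the password.
    if any(len(t) >= 3 and t.lower() in lowered for t in bio_tokens):
        findings.append("bio")
    # Dictionary: the letters alone form one word or a compound of words.
    letters = "".join(c for c in lowered if c.isalpha())
    if letters and is_compound(letters, dictionary):
        findings.append("dictionary")
    # Brute force: search space below min_bits (hypothetical threshold).
    bits = len(password) * math.log2(alphabet_size(password))
    if bits < min_bits:
        findings.append("brute-force")
    return findings

if __name__ == "__main__":
    for pw in ("Rex1984", "sunshine", "q7#Vz!pK2m@Lx9"):
        print(pw, check_password(pw, ["Alice", "Rex", "1984"]))
    # Knowing the exact length (8) versus only the 4-16 range, lowercase only:
    print(keyspace(26, 8, 8), keyspace(26, 4, 16))
```

The last line of output shows the point made under Brute Force Attacks: a known length and a restricted character set both shrink the number of candidates that have to be tried.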