What is a password attack?

The most widely used mechanism to authenticate a user to a system is a password. Consequently, obtaining passwords is a common and effective attack. How are these passwords obtained?

A person's password can often be obtained simply by looking around their desk. More often than not, people leave their passwords in plain sight or in their desk.

Sniffing the connection between a user's computer and the network is also used. This method requires the network connection to be unencrypted, so never enter a password on a site that does not use HTTPS.

Gaining access to a password database is another way. We rely too heavily on the systems we visit to keep our passwords safe. For the most part these are secure, but hackers have obtained passwords from them.

Hackers also use brute force, which means randomly guessing the password. Sometimes they use additional logic about a person's name, job title, hobbies, etc.

The last attack is a dictionary attack. A dictionary of common passwords is used to gain access. If the hacker has a copy of the encrypted password file from a system, they could apply the same encryption to a dictionary of commonly used passwords and compare the results.
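
The comparison described above can be run by a defender as a weak-password audit, and it shows why storage format matters. This is an added example, not part of the original page; the sample accounts, the password list, and the choice of SHA-256 and PBKDF2 with 100,000 iterations are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data for illustration only.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein"]
ITERATIONS = 100_000  # assumed work factor for this example

def fast_hash(password):
    """Unsalted single-pass hash: the weak storage scheme."""
    return hashlib.sha256(password.encode()).hexdigest()

def slow_salted_hash(password, salt):
    """Per-user salt plus an iterated KDF: the hardened storage scheme."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()

def audit_unsalted(store):
    """Flag accounts whose unsalted hash appears in one shared lookup table."""
    table = {fast_hash(p): p for p in COMMON_PASSWORDS}  # computed once for all users
    return {user: table[h] for user, h in store.items() if h in table}

def audit_salted(store):
    """Flag weak accounts in a salted store; every guess is redone per user."""
    flagged, kdf_calls = {}, 0
    for user, (salt, stored) in store.items():
        for guess in COMMON_PASSWORDS:
            kdf_calls += 1
            if hmac.compare_digest(slow_salted_hash(guess, salt), stored):
                flagged[user] = guess
                break
    return flagged, kdf_calls

def build_stores(accounts):
    """Store the same constructed accounts under both schemes."""
    unsalted = {u: fast_hash(p) for u, p in accounts.items()}
    salted = {}
    for u, p in accounts.items():
        salt = os.urandom(16)  # fresh random salt per account
        salted[u] = (salt, slow_salted_hash(p, salt))
    return unsalted, salted

ACCOUNTS = {"alice": "password", "bob": "password", "carol": "T7#vq!Lm92xPz"}  # constructed
UNSALTED, SALTED = build_stores(ACCOUNTS)

if __name__ == "__main__":
    print(audit_unsalted(UNSALTED))
    print(audit_salted(SALTED))
```

In the unsalted store, identical passwords produce identical records and one precomputed table covers every account; in the salted store the records differ and each guess costs a full key-derivation run per account, which is the cost that slows a dictionary comparison against a stolen file.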

