Do you really think your password is secure?
Think again! This post will show you how secure your password really is.
Before we get into cracking passwords with programs, I will explain a couple of old-fashioned ways to obtain someone’s password.
- Social Engineering – Social engineering is when a hacker takes advantage of trusting human beings to get information from them. For example, if the hacker was trying to get the password for a co-worker’s computer, he (even though I use “he”, hackers are of both genders; I just chose “he” for these examples) could call the co-worker pretending to be from the IT department. The conversation could go something like this: Bob – “Hello Suzy. My name is Bob and I’m from the IT department. We are currently attempting to install a new security update on your computer, but we can’t seem to connect to the user database and extract your user information. Would you mind helping me out and letting me know your password before my boss starts breathing down my neck? It’s one of those days, ya’ know?” Suzy would probably feel bad for Bob and give him her password without any hesitation. And we got what we wanted! She got social engineered, and now the hacker can do whatever he pleases with her account.
- Shoulder Surfing – Shoulder surfing is exactly what it sounds like. The hacker simply tries to look over your shoulder as you type in your password. The hacker may also watch whether you glance around your desk, looking for a written reminder or the written password itself.
- Guessing – If you use a weak password, a hacker can simply guess it from what he knows about you. Typical guesses are your date of birth, phone number, favourite pet’s name, and other simple details like these.
Now that we have the simple, low-tech password cracking techniques out of the way, let’s explore some high-tech techniques. Some of the programs I use in my examples may be flagged or blocked by your anti-virus program when you attempt to run them. Rather than disabling the anti-virus on your everyday machine, download and explore them inside an isolated virtual machine or on a spare computer that holds nothing you care about.
There are several ways a hacker can go about cracking a password. The high-tech techniques covered in this post are:
- Dictionary Attacks
- Brute-force Attacks
- Rainbow Tables
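To make the three techniques in the list concrete, here is an added example (my own code, not from the original post) that runs a dictionary attack with 1337-speak mangling, a brute-force search, and a precomputed lookup table against unsalted MD5 hashes. The wordlist, the victim hashes, and the salt are all constructed for the demo; MD5 stands in for any fast, unsalted hash, and the lookup table is the plain hash-to-password form of a rainbow table (real tables compress the same data into hash chains, which this example does not implement).

```python
"""Added example: dictionary, 1337-speak, brute-force and lookup-table attacks
against unsalted MD5 hashes. Every input below is constructed for the demo."""
import hashlib
import itertools
import string

# Constructed toy wordlist standing in for a real dictionary file.
WORDLIST = ["password", "animal", "sunshine", "dragon", "letmein"]

# 1337-speak substitutions that cracking tools apply as "mangling rules".
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5", "t": "7", "l": "1"}


def md5_hex(text, salt=""):
    """Hex MD5 of salt + text; salt="" gives the unsalted hash attackers love."""
    return hashlib.md5((salt + text).encode()).hexdigest()


def leet_variants(word):
    """Yield the word plus every combination of LEET substitutions,
    so 'animal' produces 'animal', '4nimal', ..., '4n1m41'."""
    positions = [i for i, c in enumerate(word) if c in LEET]
    for r in range(len(positions) + 1):
        for combo in itertools.combinations(positions, r):
            chars = list(word)
            for i in combo:
                chars[i] = LEET[chars[i]]
            yield "".join(chars)


def dictionary_attack(target_hash, wordlist=WORDLIST):
    """Hash each wordlist entry and its 1337 variants; return the match or None."""
    for word in wordlist:
        for candidate in leet_variants(word):
            if md5_hex(candidate) == target_hash:
                return candidate
    return None


def keyspace(charset_size, max_len):
    """Number of candidates of length 1..max_len over a charset of that size."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def brute_force(target_hash, charset=string.ascii_lowercase, max_len=4):
    """Try every string of length 1..max_len in order; return (password, attempts)."""
    attempts = 0
    for n in range(1, max_len + 1):
        for tup in itertools.product(charset, repeat=n):
            attempts += 1
            candidate = "".join(tup)
            if md5_hex(candidate) == target_hash:
                return candidate, attempts
    return None, attempts


def build_lookup_table(charset=string.ascii_lowercase, max_len=3):
    """Precompute hash -> password for a whole keyspace once, then reuse it
    against any number of victims (the idea behind rainbow tables)."""
    table = {}
    for n in range(1, max_len + 1):
        for tup in itertools.product(charset, repeat=n):
            pw = "".join(tup)
            table[md5_hex(pw)] = pw
    return table


def lookup(table, target_hash):
    """Instant reversal if the hash was precomputed; a salted hash is not."""
    return table.get(target_hash)


if __name__ == "__main__":
    # Constructed victim hashes.
    print(dictionary_attack(md5_hex("4n1m41")))        # 4n1m41
    print(dictionary_attack(md5_hex("d1Z_!iS_7hE_P4sS")))  # None
    print(brute_force(md5_hex("cat")))                  # ('cat', 2074)
    print(keyspace(26, 3), keyspace(95, 12))            # 18278 vs. ~5.4e23
    table = build_lookup_table()
    print(lookup(table, md5_hex("cat")))                # cat
    print(lookup(table, md5_hex("cat", salt="s4lt")))   # None: salted hash is not in the table
```

The dictionary attack finds the leet-speak word in a handful of hashes, the brute force needs about two thousand guesses for a three-letter password and the lookup table answers instantly, but the same table is useless against the salted hash, and `keyspace(95, 12)` shows why length beats character tricks: twelve printable characters are far beyond what either a brute force or a precomputed table can cover.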
How to Protect yourself:
I will now show you all the countermeasures you should take to protect yourself from all of the password cracking attacks talked about above.
- Social Engineering: To protect yourself from social engineering attacks like the one discussed in this post, you must learn to question the possible attacker. If you get a phone call from someone and you think there is a chance the person isn’t who he says he is, ask him some questions he should be able to answer to establish his legitimacy. Some professional social engineers study the company before attacking, so they might know all the answers. That’s why, if you still have doubts, you should hang up and call the department the caller claims to be from on a number you already know, to find out if he is legit. Keep in mind that a real IT department never needs your password to do its job. Better safe than sorry!
- Shoulder Surfing: When you type in your password, make sure there is no one behind you attempting to peek. If there is, turn around and drop kick him/her in the face. No, not really. Also, make sure you don’t keep any sticky notes lying around that have your password or password hints on them.
- Guessing: To prevent this attack, never use a password like your birth date, your mother’s maiden name, your pet’s name, your spouse’s name, or anything else that someone may be able to guess.
- Dictionary Attacks: Dictionary attacks are very simple to prevent: don’t use a password that is in the dictionary. Some people think that if they take a dictionary word and replace most of the letters with numbers, they are safe. They are not. There are 1337 speak dictionaries out there too. Basically, 1337 speak is changing a word like “animal” to 4n1m41, and cracking tools apply those substitutions automatically. For a secure password, I would recommend using a phrase such as “d1Z_!iS_7hE_P4sS”; the longer the phrase, the better.
- Brute-force Attacks: Brute-force attacks can be held off by creating a very long password that mixes in numbers and odd characters. Every extra character multiplies the number of combinations, so the longer the password, the longer it takes the hacker to crack it. If after a few days the hacker hasn’t been able to crack your password through a brute-force attack, he is likely to just give up. As I said for dictionary attacks, a phrase is your best option for staying secure.
- Rainbow Tables: A rainbow table is a precomputed list of hashes for every password up to some length, so you can avoid rainbow table cracking by making your password extremely long. Creating tables for long passwords takes a very long time and a lot of storage, which is why there aren’t many of these tables available. (The website storing your password can also defeat rainbow tables outright by salting each hash, but that part is out of your hands as a user.)
- Phishing: Phishing is a fake login page that collects whatever you type into it, and it is very simple to avoid. When you are asked to put your personal information into a website, look up at the URL bar. If, for example, you are supposed to be on Gmail and the URL bar says something completely different, like gmail.randomsite.com or gamilmail.com, then you know this is a fake. When you are on the real Gmail website, the URL should look like mail.google.com; a fake URL would look something like mail.mygooglemail.com, so anything whose domain is not google.com is a fake site. Read the domain carefully, from the end back to the first slash: mail.google.com.evil.net is also a fake, because the part that counts is the registered domain (here evil.net), not what the address starts with.
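The URL check in the phishing countermeasure, as an added example (my own code, not from the original post): it extracts the hostname the browser would actually connect to and accepts it only if it is the expected domain or a subdomain of it. The expected domain google.com follows the post’s Gmail example, and the sample URLs are constructed; the two in the .example domain illustrate common tricks (the real domain used as a prefix, and user-info before an @) rather than any real site.

```python
"""Added example: is this login URL really on the site you expect?
All sample URLs are constructed for the demo."""
from urllib.parse import urlsplit

# Domain the real Gmail login lives under (the post's example).
EXPECTED_DOMAIN = "google.com"


def hostname_of(url):
    """Return the lowercase host the browser would connect to, ignoring
    anything before '@' (user-info) and after ':' (port), or None."""
    host = urlsplit(url).hostname  # already lowercased by urlsplit
    if host is None:
        return None
    return host.rstrip(".")  # "google.com." is the same host as "google.com"


def belongs_to(url, expected_domain=EXPECTED_DOMAIN):
    """True only if the host is the expected domain or a subdomain of it.
    A suffix check on the host (not a substring check on the whole URL) is
    what rejects 'mail.google.com.evil.example' and 'gmail.randomsite.com'."""
    host = hostname_of(url)
    if host is None:
        return False
    expected = expected_domain.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def classify(urls, expected_domain=EXPECTED_DOMAIN):
    """Map each URL to 'real' or 'fake' for a quick report."""
    return {u: ("real" if belongs_to(u, expected_domain) else "fake") for u in urls}


# Constructed sample URLs: the post's examples plus two common tricks.
SAMPLE_URLS = [
    "https://mail.google.com/mail/u/0/",
    "https://mail.google.com:443/",
    "https://gmail.randomsite.com/login",
    "https://gamilmail.com/",
    "https://mail.mygooglemail.com/",
    "https://mail.google.com.evil.example/login",  # real domain used as a prefix
    "https://mail.google.com@evil.example/",       # user-info trick: host is evil.example
]

if __name__ == "__main__":
    for url, verdict in classify(SAMPLE_URLS).items():
        print(f"{verdict:4s}  {url}")
```

Only the first two sample URLs come out as real. The user-info case is the one worth remembering: a browser connects to whatever follows the @, so a link that starts with mail.google.com can still land you on another server.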