Cyber security has become an increasingly important issue in today’s world and demands more attention. Whether on a personal or corporate level, cyber security applies to every aspect of technology, and it has gained even more attention during the pandemic period due to the rise in cyber attacks.
Password attacks are one of the commonly used types of cyber attack. These attacks can be directed at both corporate and personal targets. The objective is to gain unauthorized access to passwords for platforms such as social media networks, technologies, software, and any other areas requiring password authentication, thereby causing harm to individuals or organizations.
Passwords are used for identity and authorization control in nearly all areas. Often, individuals or organizations choose easy passwords to avoid forgetting them. Social media users in particular may share information on their profiles that hints at their passwords. For example, they may include details such as their favorite sports team, place of birth, date of birth, spouse or partner’s name, relationship anniversaries, and more. These pieces of information are crucial to cyber attackers, because passwords built from personal information are highly likely to contain these details. Thus, openly sharing such information makes it easier for attackers to carry out password attacks.
According to a research study, the most commonly used passwords in Turkey are as follows:
The most commonly used passwords worldwide include:
Some of these passwords also appear on the list of most commonly used passwords globally. Millions of people choose easy passwords to avoid forgetting them. However, by doing so, they invite significant vulnerabilities.
So, how are password attacks conducted? What are the types of password attacks?
Brute Force: Brute force attacks try all possible combinations of numbers, letters, and other characters after collecting relevant information about the target. Systematically testing every combination can be time-consuming due to the large number of combinations generated by wordlists.
Dictionary Attack: In this attack type, dictionaries or wordlists are used to try various words in an attempt to find the target system’s password.
Rainbow Table: Many systems store passwords as hashes. Rainbow table attacks use precomputed tables that map words to their corresponding hashes, so a stored hash can be compared against the table directly.
Hybrid: Hybrid attacks involve combining dictionary words with numbers and special characters to generate passwords, which are then tested.
As seen, password attacks can be conducted in multiple ways. There are several tools available for carrying out these attacks, each with its own unique features. Some of these tools include:
- Cain & Abel
- John the Ripper
Each of these tools has its specific characteristics, which may vary depending on whether the target is an individual or an organization. For instance, the Cewl tool analyzes the target website to identify relevant keywords and uses them to generate and test passwords for the attack.
In today’s world, technology has become an indispensable part of our lives, both personally and professionally. Everyone creates multiple passwords for their social media accounts and software applications. To avoid falling victim to such attacks, it is important to create strong passwords that are difficult to crack and refrain from sharing personal information within passwords. These simple precautions can significantly mitigate the risk of password attacks.
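The advice above can be enforced when a password is set. The following is an added example, not code from the original article: it rejects passwords that are common, too short, or built from public profile details, including the hybrid variants (appended digits, swapped characters) described earlier. The profile fields, the small blocklist, the reason codes and the 12-character minimum are all constructed assumptions.

```python
import re

# Constructed stand-in for a real blocklist of commonly used passwords.
COMMON = {"123456", "password", "qwerty"}
# Undo common character substitutions before comparing against profile words.
LEET = str.maketrans("013457@$!", "oieastasi")

def profile_tokens(profile):
    """Split public profile fields into words and date fragments."""
    words, dates = set(), set()
    for value in profile.values():
        words.update(w for w in re.findall(r"[^\W\d_]+", value.lower()) if len(w) >= 4)
        for y, m, d in re.findall(r"(\d{4})-(\d{2})-(\d{2})", value):
            dates.update({y, d + m, m + d})
    return words, dates

def check_password(password, profile, min_length=12):
    """Return sorted reason codes; an empty list means no check failed."""
    reasons = set()
    lowered = password.lower()
    # Strip the digits and symbols that hybrid guessing prepends or appends.
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    plain = lowered.translate(LEET)
    if len(password) < min_length:
        reasons.add("too-short")
    if lowered in COMMON or core in COMMON:
        reasons.add("common")
    words, dates = profile_tokens(profile)
    if any(w in lowered or w in plain for w in words):
        reasons.add("profile-word")
    if any(d in password for d in dates):
        reasons.add("profile-date")
    return sorted(reasons)

# Constructed profile: the kind of details the article says people post publicly.
PROFILE = {
    "favorite_team": "Example United",
    "birthplace": "Springfield",
    "birth_date": "1990-05-14",
    "partner": "Alex",
}

if __name__ == "__main__":
    for candidate in ("Springfield1990!", "Spr1ngf13ld#14", "Password2024!",
                      "123456", "copper-lantern-orbit-vast"):
        print(f"{candidate!r}: {check_password(candidate, PROFILE) or 'accepted'}")
```

Note that "Spr1ngf13ld#14" meets the length requirement and mixes character classes, yet is still flagged because undoing the substitutions reveals the birthplace.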