Cyber Security: Password-based Attacks
One of the most frequent ways that personal and corporate data is compromised is through password attacks. An attempt to steal your password by a hacker is known as a password attack. Passwords are becoming less secure since they can only have so many letters and numbers. Hackers will continue to utilize password attacks as long as passwords are in use since they are aware that many passwords are improperly constructed.
It is a kind of cybercrime in which criminals try to get access to a password-protected computer, account, or file. In most cases, software that speeds up password cracking or guessing is used. Because of this, it is crucial to use security practices while making passwords, such as staying away from utilizing names of pets, nicknames, apartment addresses, etc. These default passwords are too simple to figure out, and simple to crack, especially by someone who knows you well.
The most typical password attack types and prevention are given below:
1) Phishing
Phishing is when a hacker impersonating a reliable entity sends you a bogus email in the hopes that you will voluntarily divulge your personal information. In some cases, they take you to phony "reset your password" pages, while in other cases, they download malicious software onto your device.
Prevention:
- Verify the sender by looking at the "From:" line of each email to make sure the sender matches the email address you were expecting.
- When in doubt, confirm the source by getting in touch with the email's sender to be sure they were the ones who sent it.
- Consult your IT department. They should be able to tell you if the email you received is authentic.
2) Man-in-the-middle (MitM) attack
They occur when a hacker or compromised system stands between two uncompromised individuals or systems and decodes the data being passed, including passwords.
Prevention:
- Enable encryption on your router. Anyone on the street who has access to your modem and router can use "sniffer" equipment to view the data that is sent via it.
- Use two-factor authentication and strong credentials. Many router usernames and passwords are never changed from the default values. All of your traffic could be forwarded to a hacker's compromised servers if they manage to gain access to your router's administration.
- Apply VPN. Man-in-the-middle attacks can be avoided by using a secure virtual private network (VPN), which makes sure that all of the servers you send data to are reputable.
3) Brute Force Attack
Hackers use specialized software and the hit-and-try strategy to acquire credentials during a brute-force assault.
Prevention:
- Make your password complex. A mixed case, mixed character, a 10-digit password is very different from an all lowercase, all alphabetic, six-digit password.
- Set up and enable remote access. The risk of a brute-force attack will be reduced with an access management product like OneLogin.
- Make multi-factor authentication necessary. A potential hacker can only request access to your account by sending a request to your second factor if multi-factor authentication (MFA) is configured on your account. Hackers are likely to be locked out of your account because they would not have access to your mobile device or thumbprint.
4) Dictionary Attack
Here, the attacker makes use of a dictionary's catalog of widely used terms and phrases. As they do not use character-by-character tries, this is the opposite of a brute-force password attack.
Prevention:
- Never use a term from a dictionary as your password.
- Lock accounts when a password is unsuccessful too often.
- Think about purchasing a password manager.
5) Keylogger Attack
Attackers try keylogger or keystroke logger password attacks using malware. These attacks are among the most damaging in cybersecurity since they expose even the strongest and most protected passwords. When you press a key, hackers record it.
Prevention:
- Verify your physical equipment.
- Do a virus check.
Cybersecurity password hacks demand specialized methods and tools. If a hacker is nearby, they might try to guess your password by utilizing a combination of your name, your hobbies, significant dates, or numbers. When that fails, they employ specialized software to search through a list of words that lots of people use as passwords. Surprisingly, more than 75% of internet users only use the first 500 characters of their passwords. Imagine how simple it would be for bad actors to obtain your sensitive data in front of this.
References
https://www.bigscal.com/blogs/cyber-security/what-is-a-cyber-security/