Get Started. It's Free
or sign up with your email address
Rocket clouds

1. Rules of password

1.1. 1. A password is designed to be something an individual can remember easily but at the same time not something that can be easily guessed or broken.

1.2. 2. Human beings tend to choose passwords that are easy to remember, which can make them easy to guess.

2. Some examples of passwords that lend themselves to cracking:

2.1. Passwords that use only numbers

2.2. Passwords that use only letters

2.3. Passwords that are all upper- or lowercase

2.4. Passwords that use proper names

2.5. Passwords that use dictionary words

2.6. Short passwords (fewer than eight characters)

3. Types of password attacks

3.1. Passive online attacks

3.1.1. A passive online attack, the attacker tends to be not engaged or less engaged than they would be during other kinds of attacks.

3.1.2. The effectiveness of this attack tends to rely not only on how weak the password system is, but also on how reliably the password-collection mechanism is executed.

3.2. Active online attacks

3.2.1. These attacks use a more aggressive form of penetration that is designed to recover passwords

3.2.2. Examples: Using password guessing, Trojans, Spyware, Hash Injection and Keyloggers

3.3. Offline attacks

3.3.1. Offline attacks represent yet another form of attack that is very effective and difficult to detect in many cases.

3.3.2. Such attacks rely on the attacking party being able to learn how passwords are stored and then using this information to carry out an attack.

4. manual password cracking

4.1. Default passwords

4.1.1. Look up your default password at any of the following sites: ■ | Suspicion Breeds Confidence ■ ■ ■

4.2. 'Guessing passwords

4.2.1. Simply put, an attacker may target a system by doing the following: 1. Locate a valid user. 2. Determine a list of potential passwords. 3. Rank possible passwords from least to most likely. 4. Try passwords until access is gained or the options are exhausted. This process can be automated through the use of scripts created by the attacker, but it still qualifies as a manual attack.