During password cracking you try to obtain password for know user to get access to system. Lets look at some examples of good and bad password and also some techniques that can be used for attacking password.
Only use numbers
Only use letters
All in upper or lower cases
Use dictionary words
Fewer then eight characters
Good practice for creating password
Do not use passwords that contain only letters, special characters and numbers
Do not use passwords that contain only numbers
Do not use passwords that contain only special characters
Do not use passwords that contain only letters and numbers
Do not use passwords that contain only letters
Do not use passwords that contain only letters and special characters
Do not use passwords that contain only special characters and numbers
Following this guidelines minimizes the threat but not eliminates it. To enhance your security you can move to 2 factor authentication using smartcards, RSA tokent or other mechanisms.
Password Attack Types
Dictionary Attacks – program uses dictionary file that contains words to try to find match and crack the password
Nontechnical Attacks – this is non technical attacks that uses techniques like shoulder surfing , dumpster diving and so on
Offline Attacks – attacks against places where passwords stored. Network attacks ,rainbow attacks
Active Online Attacks – password guessing, hash injection, phishing and so on. Very effective against week passwords
Passive Online Attacks – uses sniffing with wireshark for example.
Rule-Based Attack – assumes that user created a password using information attacker has some knowledge of.
Syllable Attack – combination of brute force and dictionary attack
Hybrid Attack – modified password attack
Brute-Force Attack – attack where different character combinations are tried until password is guessed