Yaniv Hoffman

Weak Passwords | Consequences and best practices

Updated: Jun 28, 2023



A weak password is a password that can easily be guessed by a person or by a computer. As internet usage has grown, so has the number of cyberattacks each year, and cybercriminals have developed a range of techniques that work reliably against their victims. Many companies are therefore looking for ways to prevent cyberattacks and are deploying mechanisms to limit the damage when one succeeds.


The “password” system:

The password system has been around for as long as the internet itself. It is a seemingly foolproof way to protect online information and valuables: passwords keep things private online so that they are not publicly visible to others. Since its inception, however, the password system has been underrated by ordinary users, who rarely consider that their password could be leaked or learned by someone else as long as they never disclose it. That perception is wrong.


Passwords are the most important gateway to a great deal of private information. Cybercriminals have long had tools to “guess” or “crack” the passwords of systems. Techniques such as brute-force attacks are effective for this purpose, although they demand a lot of processing power. Once passwords started to be cracked, organizations responded with password policies, and today almost every company or organization has a policy requiring strong passwords. For example, adding “M&M” to an existing password “Iluvchocolate” makes it harder to break because of the “&” character in the password.


The Weak password vulnerability

A weak password is one that is short, common, a default value, or something that could easily be guessed. Examples of weak passwords include “password”, “password123”, “admin”, etc. People use weak passwords because they are easy to remember, but in doing so they are keeping passwords that are also easy to guess.


Weak passwords are easily exploited by attackers, and many companies have faced serious consequences from password breach attacks. Common names and weak passwords lead to compromised credentials. A weak password can be the starting point for compromised IT assets, for tampering with the configuration of other security controls such as antivirus or network protection and monitoring tools, for exposure of sensitive data such as financial details or intellectual property, and for loss of information confidentiality and integrity.


How can weak passwords be cracked?

A weak password is a major vulnerability for the overall system and for the company’s digital assets. A password becomes easy to guess and readily crackable when any of the following applies:

  • The login credentials are identical, i.e. the password is the same as the username.

  • Ordinary QWERTY keyboard patterns such as “asdf” or “qwerty” are used as passwords.

  • Common English dictionary words are used as passwords.

  • Default passwords such as “guest” are used, or the built-in default password shipped with a product is never changed.

  • The user reuses the same password across accounts, so if one password is leaked or cracked, all of that user’s other accounts are exposed.

There are three basic ways in which weak passwords are exploited:


1. Dictionary attacks

When common passwords are in use, a dictionary attack can guess them successfully. A few permutations and educated guesses, such as replacing “s” with “$”, are often all that is needed to arrive at the correct password.


2. Brute force attacks

Weak passwords can be cracked with password-cracking software. Brute force is a technique for discovering user credentials by trial and error: the attacker tries candidate usernames and passwords until one combination works. To carry out the attack, a username list and a password list are needed. Many tools can perform brute-force attacks, including Metasploit, Hashcat, John the Ripper, and Wfuzz.


3. Hybrid attacks

Hybrid attacks combine the two techniques above. If the dictionary attack does not yield a successful login, the attacker falls back on the brute-force technique.


Takeaways and recommendations for better password management

Takeaway #1: Never use easy-to-guess information as a password

Easy passwords are easy to guess. Note that with today’s technologies and algorithms, an easy password can be cracked quickly.


Takeaway #2: Prefer longer phrases over adding special characters

Studies have shown that a long password is harder to guess than a short one that is full of odd characters. For example, “ilovecharlieandthechocolatefactory” is a tougher password than “Charlie8$”.
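The checklist above and this takeaway both amount to rules a defender can automate at password-set time. The following is an added example (not code from the original post): a small policy check that flags the listed weaknesses and estimates brute-force search space in bits, which is why the long passphrase scores far above “Charlie8$”. The wordlists and the substitution table are constructed samples, not real dictionaries.

```python
import math
import re

# Constructed sample wordlists standing in for the full dictionaries a real policy check would load.
DEFAULT_PASSWORDS = {"password", "password123", "admin", "guest", "123456", "welcome"}
DICTIONARY_WORDS = {"charlie", "chocolate", "factory", "love", "summer", "monkey"}
KEYBOARD_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]
# Common symbol/digit substitutions ($ for s, @ for a, 0 for o ...) that educated guessing undoes.
LEET = str.maketrans("$@!0134", "saiolea")

def keyboard_pattern(password, min_len=4):
    """True if a run of min_len characters is a contiguous keyboard-row slice, e.g. 'asdf'."""
    s = password.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(s) - min_len + 1):
            chunk = s[i:i + min_len]
            if chunk in row or chunk in row[::-1]:
                return True
    return False

def search_space_bits(password):
    """Rough brute-force search space (charset ** length) expressed in bits; length dominates."""
    charset = 0
    if re.search(r"[a-z]", password): charset += 26
    if re.search(r"[A-Z]", password): charset += 26
    if re.search(r"[0-9]", password): charset += 10
    if re.search(r"[^a-zA-Z0-9]", password): charset += 33
    return len(password) * math.log2(charset) if charset else 0.0

def weaknesses(username, password):
    """Return the checklist items that apply; reuse across sites cannot be checked locally."""
    found = []
    low = password.lower()
    if low == username.lower():
        found.append("same as username")
    if keyboard_pattern(password):
        found.append("keyboard pattern")
    # Strip trailing digits/symbols and undo substitutions so 'Charlie8$' is seen as 'charlie'.
    core = re.sub(r"[\d\W_]+$", "", low).translate(LEET)
    if low in DEFAULT_PASSWORDS or core in DEFAULT_PASSWORDS:
        found.append("default or common password")
    if core in DICTIONARY_WORDS:
        found.append("single dictionary word")
    return found

if __name__ == "__main__":
    for user, pw in [("admin", "admin"), ("bob", "Charlie8$"),
                     ("bob", "ilovecharlieandthechocolatefactory")]:
        print(f"{pw!r}: {search_space_bits(pw):.0f} bits, weaknesses={weaknesses(user, pw)}")
```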


Takeaway #3: Use a unique password for every account

This is another key takeaway. Using one password for every account, from PayPal to Amazon to Gmail to your bank, is a big no. For the best security, keep a separate password for each account.


Takeaway #4: Use a modern password manager

Just as there are password-cracking tools, the “good guys” on the web have come up with password managers: tools for storing and managing credentials securely.


More recommendations: implement multi-factor authentication

Modern security mechanisms add multiple layers of protection, and one result is multi-factor authentication. With this technique, authentication requires a combination of factors, such as a password plus a biometric, a password plus face recognition, or a password plus voice authentication. If any one factor fails, the user is not granted access, so an attacker would have to pass every method to reach the assets.


Stay strong

A strong password is your first line of defense against a potential intruder and significantly improves your chances of avoiding a cyberattack. Multi-factor authentication makes security stronger still by putting multiple layers in place. It is always best to take special care with your passwords.

