PASSWORD CRACKING TECHNIQUES AND COUNTER MEASURES-2016
There are several methods by which a hacker can gain access to your mail or other online accounts. This article describes them and will help you safeguard your online accounts from hacking.
BRUTE FORCE ATTACK
Hackers can crack any sort of password with a brute-force attack. This attack tries every possible combination of numbers, letters and special characters until the right password is matched. Brute-force attacks can take a very long time, depending on the complexity of the password. The cracking time is determined by the speed of the computer and the complexity of the password.
Countermeasure:
You should use long passwords that combine uppercase letters, lowercase letters, special characters and digits. A brute-force attack will take hundreds or even thousands of years to crack such long and complex passwords.
SOCIAL ENGINEERING
With this method a person can gain access to your password by manipulating you into trusting him, so that you hand over your password yourself. For example, if the hacker was trying to get the password of a co-worker's or friend's computer, he could call him pretending to be from the IT department and simply ask for his login details. Sometimes hackers call the victim pretending to be from a bank and ask for their credit card details. Social engineering can be used to get someone's password, bank credentials or any personal information.
Countermeasure:
If someone asks you for a password and claims to be someone, you must first confirm his/her identity by asking a few questions. In this way you will not fall into the trap.
KEYLOGGERS AND RATS
In this method the hacker sends a keylogger to the victim. With this the hacker can monitor everything that the victim does on his/her system. Every keystroke is logged, including passwords. Moreover, with a RAT (remote access trojan) the hacker can even control the victim's computer.
Countermeasure:
If the login is important, use an on-screen or virtual keyboard while typing it. Use the latest anti-virus software and keep it updated.
PHISHING
It is the most popular and easiest way to obtain someone’s account details. The hacker sends the victim a fake page that looks just like the original one, for example that of Facebook or Gmail.
When someone logs in through that fake page, the details are sent to the hacker.
Countermeasure:
It's easy to avoid phishing attacks. The URL of a phishing page is different from the real one. For example, the URL of a phishing page for Facebook might look like facbbook.com (as you can see, there are two “b”s). Always make sure that the website's URL is correct.
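The URL check described above can be automated. The following is an added example, not code from the original article: it flags a domain that is a near-misspelling of a trusted one, such as facbbook.com. The trusted list, the distance threshold and the "last two labels" rule for finding the base domain are assumptions made for this example, and URLs are expected to include a scheme.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed allowlist for the example; a real deployment would load its own.
TRUSTED_DOMAINS = {"facebook.com", "gmail.com", "google.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def base_domain(url: str) -> str:
    """Host reduced to its last two labels (assumption: simple TLDs like .com)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def classify(url: str, max_distance: int = 2) -> tuple[str, Optional[str]]:
    """Return ('trusted' | 'lookalike' | 'unknown', nearest trusted domain)."""
    domain = base_domain(url)
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    nearest = min(TRUSTED_DOMAINS, key=lambda t: (edit_distance(domain, t), t))
    if edit_distance(domain, nearest) <= max_distance:
        return "lookalike", nearest
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample URLs, including the misspelling used in the article.
    for url in ("https://www.facebook.com/login",
                "http://facbbook.com/login",
                "https://facebook.com.login-check.example/",
                "https://example.org/"):
        print(url, classify(url))
```

The third sample shows that a trusted name appearing only as a subdomain of another site is not treated as trusted; only the base domain is compared.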
RAINBOW TABLE
A rainbow table is a list of hashes that have been precomputed for possible combinations of characters. A password hash is the password after it has gone through a mathematical algorithm such as MD5. Hashing is a one-way technique: once a password is hashed, you cannot get back to the original string. A rainbow table attack is similar to a dictionary attack; the only difference is that a rainbow table attack uses precomputed hashes as the candidates, whereas a dictionary attack uses normal (plaintext) words as the candidate passwords.
Example: the MD5 hash of ‘hello’ is 5d41402abc4b2a76b9719d911017c592 and the MD5 hash of the zero-length string (“”) is d41d8cd98f00b204e9800998ecf8427e
Countermeasure:
Use long and complex passwords, because creating these tables for them will require more time and huge resources.