We all have passwords to access various aspects of our lives.
You may use the same password for all of your logins so it’s easy to remember. Or you may have selected a password based on someone’s name or town, or birthday, special day or some other common event.
All of these are poor decisions.
You see, one of the simplest ways to gain access to your information is by logging in as you.
Your identity online is determined by your username and password. If a hacker has those two items, they can essentially be you – online.
How can hackers obtain your login and password?
Through the use of either a “brute force attack” or a dictionary attack hackers can obtain your password.
A brute force attack attempts to try every possible password. Some brute force attacks programs are Brutus, and THC-Hydra. These programs will dynamically attempt Cyber security automation tools all possible passwords as it generates them. They don’t work with lists of possibilities, you can feed it various parameters like all numeric, all upper-case alpha, combination of upper and lower case alpha, and it then proceeds to launch it’s own login attempts on the target.
In a dictionary attack, extensive lists of possible passwords are generated ahead of time. These lists are then launched against the target. Only the combinations in the dictionary are attempted.
However, the dictionaries used typically contain:
- Words in various languages
- Names of people
- Commonly used passwords
If any of these categories are what you use for your passwords, it might be time to change. Many times people wonder how the hackers get a list of commonly used passwords. They get those by cracking someone’s password. They know that if one person uses that password, others may as well. Cyber criminals have programs that will generate large lists of passwords.
You might be thinking, how long would it take them to create millions or billions of usernames and passwords that will have one matching your password?
That depends on two main things, the length and complexity of your password and the speed of the hacker’s computer. Assuming the hacker has a reasonably fast PC (ie., dual processor) here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list it’s just a matter of time before the computer runs through all the possibilities – or gets shut down trying.
A password of all numbers and 8 characters in length will contain 100 million possible combinations and take only 10 seconds to generate.
If your password is all letters, either all upper or all lower case, it will contain 200 billion possible combinations and take only 5.8 hours to generate. The time to generate all 53 trillion possible combinations of a password comprised of mixed upper case and lower case letters grows to 62 days. When your password has 8 characters of upper case, lower case and numbers the possible combinations grows to 218 trillion and the time required to generate the list grows to 253 days.
When you create a password with upper case, lower case letters, numbers and special characters, your list of possible combinations grows to 7.2 quadrillion and will take 23 years just to generate.
Remember, these times are just for a single, dual processor computer, and these results assume you aren’t using any common words in the dictionary. If a number of remotely controlled computers (read hacked) were put to work on it to generate the lists, they’d finish about 1,000 times faster.