How Password Cracking Works And How You Can Prevent It
No business is safe in today’s digital landscape. Regardless of the industry or business size, everyone is prone to cyber-crime and data breaches. And that’s exactly why as a business owner it should be your top concern to make sure that both your sensitive organizational data and confidential client information are well-protected from hackers.

Over the years, we’ve witnessed some of the biggest data breaches of all time. In 2013, nearly 3 billion Yahoo user accounts were compromised, followed by eBay in 2014. eBay suffered a cyber-attack that exposed the private data of 145 million users, including names, passwords, addresses and dates of birth. Just when it seemed things could not get worse, Equifax announced that an application vulnerability on its website had resulted in a data breach exposing the personal information of 143 million people and the credit card data of 209,000 consumers.

The cyber drama doesn’t end here. According to Forbes, a file containing 1.4 billion usernames and passwords was hacked and leaked on the dark web. And wait, there’s more to that news: every record in the file is listed in plain text.

The purpose of sharing all this is to show that your operating systems, business and clients are all exposed to alarming vulnerabilities and a high probability of cyber-attack. It’s vital to understand that password crackers usually aren’t looking to target a specific person and log into their PayPal account. Professional hackers work against the password files they download from a company’s breached servers. These files are easily accessible from the root level of server operating systems. They run tests against the file, knocking down targets one after the other. With modern graphics hardware this process becomes superfast for password crackers, as these products can test trillions of passwords in a few seconds.

Let’s take a quick look at how password cracking works:

Cracking passwords may sound like a difficult process, but it has become a lot simpler these days with the advent of new software programs. Password hackers today rely on specialized applications and techniques like Dictionary Crack and Brute Force.

Dictionary Crack

The dictionary crack technique primarily uses lists of popular passwords, pattern checking and wordlist substitution to find commonly used passwords. These lists are freely available on various sites, while larger versions can be bought cheaply. Using this technique, a password cracker can unlock 20 percent of a password file with only the 10,000 most commonly used passwords. Once the password file is decrypted, the application tests different combinations of text strings, cycling through nearly every combination in seconds to identify the right one.

Interestingly enough, 75% of web users choose common passwords rather than strong ones. SplashData’s list of the 25 worst passwords of 2017 had ‘123456’ at the top, followed by ‘password’, ‘12345678’ and ‘qwerty’. And did you know that the Yahoo data breach revealed that ‘123456’ was the password of 1,666 Yahoo users, and that 780 users had the word ‘password’ as their password?

Brute Force

Brute force is another weapon in the hackers’ arsenal, one that takes care of the stubborn passwords a dictionary crack can’t reach. Using machines with multi-core processors, hackers can test billions of passwords in seconds. Brute force is particularly used to unscramble 5 or 6 character passwords that a dictionary crack doesn’t yield. Hackers often use both techniques in combination to crack longer passwords, narrowing down the realm of possible combinations.

Besides these techniques, a new tool has also surfaced that is believed to be able to decipher what you type on Skype. It listens to the user’s typing pattern and learns the sound of each key. Experts predict that it could be abused by cyber hackers to crack passwords.

How to Avoid the Risk and Protect Your Passwords

From the looks of it, it seems like password crackers can decipher any password. But wait, there is a lot you can do to stay protected and lower the risk, if not prevent it entirely. Here are some techniques to get started:

Cyber Security Training

Create awareness about cyber-crime among your employees by providing them with cyber security training. Cyber security training for beginners is a great way to develop their knowledge about cyber-crime, attacks, risks and damages. Such basic knowledge can truly help employees at all levels (regardless of department) to understand the importance of keeping systems and accounts secure with strong passwords, at both the individual and the corporate level.

Create Strong and Hard to Crack Passwords

Though applications like Brute Force and Dictionary Crack can decipher common and 6-character passwords easily, it takes time to crack strong, lengthy passwords that mix digits, lower- and upper-case letters and special characters. Cracking such passwords is extremely difficult even for brute force. So, consider creating a strong password.

Also, avoid using words from the dictionary, even a long one like pseudopseudohypoparathyroidism, because a dictionary crack identifies them easily.
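To make the arithmetic behind the dictionary and brute-force sections concrete, here is an added example (not code from the original article) that does what a defender’s password policy check would do: reject anything on a common-password list, undo the simple substitutions a wordlist-substitution attack tries (so ‘P@ssw0rd1!’ is treated as ‘password’), and estimate how long exhausting the remaining keyspace would take at the “billions of guesses per second” the article cites. The two word lists, the one-billion-guesses-per-second rate and the one-year acceptance threshold are constructed assumptions for illustration; a real deployment would load a full breach list and a full dictionary.

```python
import re

# Constructed stand-ins for the lists the article describes (a real check would load
# the full "10,000 most common passwords" list and a proper dictionary).
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "123456789", "letmein"}
WORDLIST = {"password", "welcome", "dragon", "sunshine", "pseudopseudohypoparathyroidism"}

# Substitutions a wordlist-substitution attack tries, so "P@ssw0rd" is treated as "password".
LEET = str.maketrans({"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})

# Assumed guess rate: the "billions of passwords in seconds" figure from the article.
GUESSES_PER_SECOND = 10**9
SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(password: str) -> int:
    """Size of the smallest character set a brute-force search must cover to include this password."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        size += 33  # printable ASCII symbols
    return size


def keyspace(password: str) -> int:
    """Number of candidates a brute-force search of that alphabet and length must try."""
    return alphabet_size(password) ** len(password)


def years_to_exhaust(password: str, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time to enumerate the whole keyspace at the assumed guess rate."""
    return keyspace(password) / rate / SECONDS_PER_YEAR


def normalize(password: str) -> str:
    """Reduce a password to the dictionary word it was probably built from."""
    word = password.lower()
    word = re.sub(r"[^a-z]+$", "", word)   # drop trailing digits/symbols: "dragon2019!" -> "dragon"
    return word.translate(LEET)            # undo substitutions: "p@ssw0rd" -> "password"


def assess(password: str, min_years: float = 1.0) -> dict:
    """Verdict in the order an attacker would try: common list, then dictionary, then brute force."""
    if password in COMMON_PASSWORDS:
        return {"ok": False, "reason": "common password"}
    if normalize(password) in WORDLIST:
        return {"ok": False, "reason": "dictionary word"}
    years = years_to_exhaust(password)
    if years < min_years:
        return {"ok": False, "reason": "brute-forceable", "years": years}
    return {"ok": True, "reason": "acceptable", "years": years}


if __name__ == "__main__":
    for candidate in ["123456", "P@ssw0rd1!", "pseudopseudohypoparathyroidism",
                      "abcdef", "qzvmxkwbrt", "Tq7#mLp9$vX2wR4!"]:
        print(f"{candidate!r}: {assess(candidate)}")
```

Note the ordering: the common-list and dictionary checks run before any keyspace arithmetic, because a long dictionary word has a large keyspace on paper yet falls to a wordlist in one guess. A ten-character lowercase password such as ‘qzvmxkwbrt’ is exhausted in under two days at the assumed rate, while a sixteen-character mixed password is out of reach, which is the point the strong-password section makes.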

Vulnerability Assessment

Crack your passwords as a vulnerability assessment, and then implement steps to make your system security stronger. Yes, that’s right: crack your own passwords! It’s a proven way to find security issues and vulnerabilities that malicious hackers could exploit, putting your business and client information at risk.

Based on the assessment, it’s easier to devise effective preventive measures and counter-responses, thereby minimizing potential threats and the chance of falling victim to cyber-crime.

However, for this it is important to train your network and cyber security engineers in vulnerability assessment. Consider enrolling them in online ethical hacker cyber security training programs. In these courses, network and cyber security engineers learn to think and act like hackers, testing system passwords for strength and vulnerability. This type of training helps them proactively identify weak passwords and devise the strategies needed to stay one step ahead of the hackers. It also ensures better system security and helps prevent data breaches.
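Before cracking your own password file, it is worth checking how that file stores passwords, because a store that keeps them in plain text (like the leaked file described earlier) or as unsalted fast hashes has already failed the assessment. The following added example (not code from the original article) audits a small constructed credential store for those storage formats and shows the salted, slow PBKDF2 format that makes “trillions of guesses per second” impractical. The ‘user:value’ store layout, the classification rules, the sample users and the 600,000 iteration count are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import os
import re

# Assumed work factor for PBKDF2-HMAC-SHA256; check current guidance before adopting it.
PBKDF2_ITERATIONS = 600_000


def hash_password(password: str, salt: bytes = None) -> str:
    """Store as $pbkdf2-sha256$<iterations>$<salt>$<hash>, with a fresh random salt per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return "$pbkdf2-sha256${}${}${}".format(
        PBKDF2_ITERATIONS,
        base64.b64encode(salt).decode(),
        base64.b64encode(digest).decode(),
    )


def verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in constant time."""
    try:
        _, scheme, iterations, salt_b64, hash_b64 = stored.split("$")
    except ValueError:
        return False  # not in our format (plaintext or legacy hash)
    if scheme != "pbkdf2-sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), base64.b64decode(salt_b64), int(iterations)
    )
    return hmac.compare_digest(digest, base64.b64decode(hash_b64))


def classify(stored: str) -> str:
    """Identify how a stored credential was protected, from its shape alone."""
    if stored.startswith("$pbkdf2-sha256$"):
        return "salted PBKDF2"
    if re.fullmatch(r"[0-9a-f]{32}", stored):
        return "unsalted MD5"
    if re.fullmatch(r"[0-9a-f]{40}", stored):
        return "unsalted SHA-1"
    return "plaintext"


def audit(store_text: str) -> dict:
    """Map each user in a 'user:value' store to the storage format found for them."""
    findings = {}
    for line in store_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, _, stored = line.partition(":")
        findings[user] = classify(stored)
    return findings


def weak_entries(store_text: str) -> dict:
    """Only the users whose stored value is not a salted slow hash."""
    return {user: fmt for user, fmt in audit(store_text).items() if fmt != "salted PBKDF2"}


# Constructed sample store: three legacy entries and one stored properly (not real accounts).
SAMPLE_STORE = "\n".join([
    "# user:stored_value (constructed sample)",
    "alice:password",
    "bob:" + hashlib.md5(b"password").hexdigest(),
    "carol:" + hashlib.sha1(b"letmein").hexdigest(),
    "dave:" + hash_password("correct horse battery staple"),
])


if __name__ == "__main__":
    for user, fmt in audit(SAMPLE_STORE).items():
        print(f"{user}: {fmt}")
    print("weak:", sorted(weak_entries(SAMPLE_STORE)))
```

The audit is a format check rather than a cracking run: it finds the entries where no cracking is even needed (plaintext) or where a single GPU pass over a wordlist would succeed (unsalted, fast hashes), so those accounts can be re-hashed first. The per-user salt in the PBKDF2 format also defeats the trick of testing one candidate against the whole file at once, which is what makes the bulk attacks described above so fast.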

About The Author
Muzzammil
Product Manager at QuickStart

Muzzammil Hanif

With over 8 years of experience in the IT industry, Muzzammil is a tried and tested expert at product management. He has a special interest in InfoSec related certifications and courses, and has his finger on the pulse of the latest developments in the cyber security industry. When he is not working, he likes to watch movies and spend time with his family.