There are a number of methods out there used by hackers to hack your account or get your personal information. Today in this post I will share with you the 8 most commonly used methods to crack passwords and their countermeasures. You must check out this article to be safe and to prevent your online accounts from being hacked.
Password cracking is the process of attempting to guess or crack passwords to gain access to a computer system or network.
Crackers will generally use a variety of tools, scripts, or software to crack a system password.
The goal of the cracker is to ideally obtain the password for root (UNIX) or system and administrator (Windows, NT).
Password crackers work by comparing every encrypted dictionary word against the entries in the system password file until a match is found.
Password cracking is one of the most enjoyable hacks for the bad guys. It fuels their sense of exploration and desire to figure things out.
1. Social Engineering
Social engineering takes advantage of the trusting nature of human beings to gain information that can later be used maliciously.
Social engineering is a term that describes a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures.
Technique: To obtain a password through social engineering, you just ask for it.
For example: You can simply call a user and tell him that he has some important-looking e-mails stuck in the mail queue and you need his password to log in and free them up. This is how hackers try to get the information!
Countermeasure: If someone tries to get your personal or bank details, ask them a few questions. Make sure the person calling you is legit. Never give your credit card details over the phone.
2. Shoulder Surfing
Shoulder surfing is an effective, low-tech password hack.
To mount this attack, you must be near the user and not look obvious. Simply watch either the user’s keyboard or screen when logging in.
A hacker with a good eye may watch whether the user is glancing around his desk for either a reminder of the password or the password itself.
Many folks have experienced shoulder surfing at the grocery-store checkout line. You swipe your debit card to pay for your chips and dip; you enter your PIN to authorize the transaction; and before you know it, the guy in line behind you has your PIN! He simply watched you enter it into the keypad.
You can try shoulder surfing yourself — though preferably not in the grocery store checkout line. Just walk around the office and perform random spot checks. Go to users’ desks, and ask them to log in to their computers.
This seems silly, but it can easily help you get someone's password within seconds. If a hacker knows you, he can use the information he knows about you to guess your password. A hacker can also use a combination of Social Engineering and Guessing to acquire your password.
Countermeasure: Don't use your name, surname, phone number or birthdate as your password. Try to avoid creating a password that relates to you. Create a complex and long password with a combination of letters and numbers.
4. Dictionary Attack
Dictionary attacks quickly compare a set of known dictionary-type words — including many common passwords — against a password database.
This database is a text file with hundreds if not thousands of dictionary words typically listed in alphabetical order.
Dictionary attacks are only as good as the dictionary files you supply to your password-cracking program.
You can easily spend days, even weeks, trying to crack passwords with a dictionary attack. Most dictionary attacks are good for weak (easily guessed) passwords.
5. Brute Force Attack
Any password can be cracked using a brute-force attack. Brute-force attacks try every possible combination of numbers, letters and special characters until the right password is matched. Brute-force attacks can take a very long time depending upon the complexity of the password. The cracking time is determined by the speed of the computer and the complexity of the password.
Countermeasure: Use long and complex passwords. Try to use a combination of upper and lowercase letters along with numbers. A brute-force attack will take hundreds or even thousands of years to crack such complex and long passwords.
Example: Passwords like “iloveu” or “password” can be cracked easily, whereas a computer will take years to crack passwords like “aN34lL00”.
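The following password check is an added example, not code from the original post. It covers both the dictionary-attack and brute-force sections: it rejects passwords found in a wordlist and estimates the worst-case exhaustive-search time from the character pool and length. The wordlist and the guess rate are assumptions chosen for illustration.

```python
import math
import string

# Constructed sample wordlist; a real policy check would load a much larger one.
COMMON_WORDS = {"password", "iloveu", "123456", "qwerty", "letmein"}

# Assumed attacker speed in guesses per second (not a figure from the article).
ASSUMED_GUESSES_PER_SECOND = 1_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(password):
    """Size of the smallest standard character pool that covers the password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size


def keyspace(password):
    """Candidates an exhaustive search of that pool at this length must cover."""
    return alphabet_size(password) ** len(password)


def assess(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Report the dictionary finding and the worst-case brute-force time."""
    in_dictionary = password.lower() in COMMON_WORDS
    space = keyspace(password)
    years = space / rate / SECONDS_PER_YEAR
    return {
        "in_dictionary": in_dictionary,
        "keyspace": space,
        "bits": round(math.log2(space), 1) if space else 0.0,
        "worst_case_years": years,
        # Acceptable only if it is not a listed word and survives a year of guessing.
        "acceptable": not in_dictionary and years > 1,
    }


if __name__ == "__main__":
    for pw in ("iloveu", "password", "aN34lL00"):
        print(pw, assess(pw))
```

The estimate scales inversely with the guess rate, so rerun `assess` with the rate that matches how the passwords are actually stored and attacked.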
7. Rainbow Table
A rainbow table is a huge pre-computed list of hashes for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm such as MD5 and been transformed into something unrecognizable.
A hash function is any algorithm that maps data of variable length to data of a fixed length. The values returned by a hash function are called hash values, hash codes, hash sums, checksums or simply hashes.
Hash functions are primarily used to generate fixed-length output data that acts as a shortened reference to the original data.
The idea behind hashing is that some data either has no inherent ordering (such as images) or is expensive to compare (such as images). If the data has no inherent ordering, you can’t perform comparison searches.
Hashes play a role in security systems where they’re used to ensure that transmitted messages have not been tampered with. The sender generates a hash of the message, encrypts it, and sends it with the message itself. The recipient then decrypts both the message and the hash, produces another hash from the received message, and compares the two hashes. If they’re the same, there is a very high probability that the message was transmitted intact.
Countermeasure: Make sure you choose a password that is long and complex. Creating tables for long and complex passwords takes a very long time and a lot of resources.
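The sketch below is an added example, not code from the original post. It shows the storage-side view of the same problem: an unsalted MD5 hash of a listed password is found in a precomputed table, while a per-user salted PBKDF2 hash of the same password is not. The wordlist is constructed, the plain dictionary stands in for the precomputed list the article describes, and salting with PBKDF2 is a mitigation added here beyond the article's own countermeasure.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for what a precomputed table covers.
WORDS = ["password", "iloveu", "letmein"]


def md5_hex(password):
    """Unsalted MD5, the weak storage scheme the article mentions."""
    return hashlib.md5(password.encode()).hexdigest()


# Hash -> password table, computed once and reusable against any unsalted dump.
PRECOMPUTED = {md5_hex(word): word for word in WORDS}


def lookup(stored_hash):
    """Return the password if its hash is in the precomputed table, else None."""
    return PRECOMPUTED.get(stored_hash)


def hash_password(password, salt=None, iterations=200_000):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, iterations, digest)."""
    if salt is None:
        salt = os.urandom(16)  # unique per user, stored beside the digest
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest


def verify_password(password, salt, iterations, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    print("unsalted lookup:", lookup(md5_hex("iloveu")))
    salt, rounds, digest = hash_password("iloveu")
    print("salted lookup:  ", lookup(digest.hex()))
    print("login check:    ", verify_password("iloveu", salt, rounds, digest))
```

Because each user gets a different salt, a table would have to be rebuilt per user, which removes the advantage of precomputation even for a weak password.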
8. Rats & KeyLoggers
In keylogging or RATing, the hacker sends a keylogger or RAT to the victim. This allows the hacker to monitor everything the victim does on his computer. Every keystroke is logged, including passwords. Moreover, the hacker can even control the victim's computer.
Countermeasure: Never log in to your bank account from a cyber cafe or someone else's computer. If it's important, use an on-screen or virtual keyboard while typing the login. Use the latest anti-virus software and keep it updated.