Yesterday we looked at brute force hacking, and at the end of the post we saw that a lot has been done to make brute force hacking unattractive to hackers, especially against platforms that are in constant connection to the internet. Today we want to look at another cyberattack that would leave you quite surprised: dictionary hacking. Dictionary hacking is somewhat similar to brute force hacking, albeit a more precise version of it.
A RELATABLE EXPLANATION
Over 23 million people use "123456" as their password, over 3.6 million people use "password" and over 3.8 million people use "qwerty". When you add this to the fact that 75% of people reuse their password, you can see why this is serious. Dictionary password hacking involves trying commonly used passwords in order to infiltrate a user's account or gain access to supposedly secure resources. This is a lot faster than brute force and has a higher success rate, which makes it attractive to hackers.
The solution is to avoid using your name or actual words that can be found in a dictionary, as these are easy targets. Measures have been implemented to check dictionary attacks, most of which I listed yesterday. An added password security feature included in some platforms is the refusal of passwords that have your name in them; aside from that, limits on the number of wrong tries seem to solve most of the challenges.
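To make these defenses concrete, here is an added example (not code from any particular platform) of a signup check that refuses common passwords and passwords containing the user's name, plus a limiter on wrong tries. The names `password_problems` and `AttemptLimiter`, the short deny-list and the thresholds are all assumptions made for illustration.

```python
import time

# Constructed sample deny-list; a real deployment would load a much larger
# list of known-common passwords. The first three come from the post.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "iloveyou"}

# Undo common character swaps so "P@ssw0rd" is compared as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def normalize(text):
    return text.lower().translate(LEET)

def password_problems(password, user_names):
    """Return the reasons a proposed password should be refused."""
    problems = []
    plain, folded = password.lower(), normalize(password)
    # Also compare with trailing digits/symbols removed ("qwerty2024!").
    stem = plain.rstrip("0123456789!@#$%^&*._-")
    if {plain, folded, stem} & COMMON_PASSWORDS:
        problems.append("common password")
    for name in user_names:
        n = name.lower()
        if len(n) >= 3 and (n in plain or normalize(n) in folded):
            problems.append("contains your name")
            break
    return problems

class AttemptLimiter:
    """Lock an account after max_failures wrong tries within window seconds."""
    def __init__(self, max_failures=5, window=900):
        self.max_failures, self.window = max_failures, window
        self.failures = {}  # account -> timestamps of recent failures

    def _recent(self, account, now):
        recent = [t for t in self.failures.get(account, []) if now - t < self.window]
        self.failures[account] = recent
        return recent

    def is_locked(self, account, now=None):
        now = time.time() if now is None else now
        return len(self._recent(account, now)) >= self.max_failures

    def record_failure(self, account, now=None):
        now = time.time() if now is None else now
        self._recent(account, now).append(now)
```

The normalization step matters because simple character swaps and a year tacked onto the end of a common word are exactly the variations a dictionary list already includes.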
FINALLY...
Ultimately, no security measure can protect people who aren't security conscious. People are known to reveal their passwords outright, directly or indirectly, through social engineering attacks (which I will write about tomorrow). In conclusion, while software engineers and cybersecurity experts are expected to keep everyone safe, there's an implicit burden placed on netizens to ensure that security measures work by being security conscious and aware of hacking strategies that are commonly used.