How to find a password: 6 cracking techniques






In this article we explain how passwords are found by reviewing the 6 most commonly used techniques.
It goes over the basic principles of password security once more, because unfortunately too many people still fall for these techniques.


Malicious hackers use several techniques to find passwords. This article will serve as a guideline so that you do not get hacked online and keep your information secure.
 
How to find a password

 
1. The brute force attack

  



Any password can be cracked by brute force. This is true. But, and the "but" matters, the time it takes to get there can be long, very long.
When I say "very long", I mean, for example, hundreds of thousands of years.
This time is determined both by the complexity of the password and by the power of the machine trying to find it.
The brute-force attack "stupidly" tests every combination of numbers, letters and special characters until it finds the password.
It can also be run from a word list (dictionary attack) or from password patterns, as we will see in the training with John the Ripper.
Countermeasure: Simply use long and complex passwords. I give tips for remembering them in this article. Combine lowercase letters and capital letters with special characters or numbers. Example: a password like "password" will be cracked very quickly, while "ch0wn-R74Y" will take a long time.
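
To put numbers on "very quickly" versus "a long time", here is an added example (not part of the original article) that estimates the worst-case search for the two passwords above. The guess rate and the four-entry word list are assumptions chosen for illustration.

```python
import string

# Assumption for illustration: an offline attacker testing 10 billion guesses per second.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Constructed stand-in for a real dictionary-attack word list.
WORD_LIST = ["123456", "password", "qwerty", "letmein"]

def alphabet_size(password):
    """Size of the smallest character pool that covers every character used."""
    pools = [string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation]
    return sum(len(pool) for pool in pools if any(c in pool for c in password))

def worst_case_guesses(password):
    """Guesses needed in the worst case: word list first, then exhaustive search."""
    if password in WORD_LIST:
        return WORD_LIST.index(password) + 1
    n = alphabet_size(password)
    # Exhaustive search tries every candidate of length 1 up to the real length.
    return len(WORD_LIST) + sum(n ** k for k in range(1, len(password) + 1))

def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case search time in years at the given guess rate."""
    return worst_case_guesses(password) / rate / SECONDS_PER_YEAR

if __name__ == "__main__":
    for pw in ["password", "ch0wn-R74Y", "ch0wn-R74Y-ch0wn"]:
        print(f"{pw!r}: pool={alphabet_size(pw)}, "
              f"guesses={worst_case_guesses(pw):.3e}, "
              f"years={years_to_exhaust(pw):.3e}")
```

Each extra character multiplies the search by the pool size, which is why length matters even more than the choice of symbols.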


2. Social Engineering
  

This consists of manipulating a person into trusting the attacker so that they hand over sensitive information themselves. There are many examples of this, like the well-known case of a hacker posing as a computer repairman who needs the secretary's password to update the "security program".

Social engineering covers several areas: not only passwords can be recovered this way, but also credit card numbers, private data about a particular person, etc.

Countermeasure: Do not blindly trust people you do not know, and also be careful with people you know: they may themselves have been hacked.


3. Trojans and Keyloggers
  
 

This one is rather radical: when a hacker sends a malicious keylogger-type program, he receives everything his victim types on the keyboard, whether the site uses https or not, and whether the password is hidden by stars or not.
Countermeasure: Do not log in from a computer that is not yours, even less so if you are connecting to your bank. You can use virtual keyboards, anti-keyloggers and other special techniques. But do not forget to install and maintain an antivirus. Stay suspicious as well: do not download just anything.


4. Phishing 

 
Phishing is one of the easiest and most popular ways to obtain someone's password.

In a phishing attack, the malicious hacker will typically send someone an email or a link to a website while posing as someone else.

When the targeted person connects to the fake site, or more generally gives away his information by mistake, the malicious hacker collects everything that was shared.

These phishing pages are regularly posted on free hosting sites.

Countermeasure: Phishing attacks are easy to avoid. The URL of the fake site is necessarily different from that of the original site, for example faccbook.com instead of facebook.com, so check the URL of a site before giving it any information.
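
The URL check can be automated. The following added example (not from the original article) parses the real host out of a URL and flags names that merely resemble a trusted one, such as faccbook.com. The trusted list, the distance threshold of 2 and the "last two labels" shortcut for the site name are assumptions; the other sample URLs are constructed.

```python
from urllib.parse import urlsplit

# Assumption: the sites the user really has accounts on.
TRUSTED = {"facebook.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'trusted', 'lookalike' or 'unknown' for the host a URL really points to."""
    # urlsplit().hostname drops any "user@" prefix and the port, leaving the true host.
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    for site in TRUSTED:
        if host == site or host.endswith("." + site):
            return "trusted"
    # Naive site name: the last two labels (assumption; ignores suffixes like co.uk).
    base = ".".join(host.split(".")[-2:])
    for site in TRUSTED:
        # Near-miss spelling, or the trusted name buried inside another host name.
        if edit_distance(base, site) <= 2 or site in host:
            return "lookalike"
    return "unknown"

if __name__ == "__main__":
    samples = [  # constructed sample URLs
        "https://www.facebook.com/login",
        "http://faccbook.com/login",
        "https://facebook.com@faccbook.com/",
        "https://facebook.com.account-check.example/login",
        "https://example.org/",
    ]
    for url in samples:
        print(f"{classify(url):10} {url}")
```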


5. Rainbow tables
  
A rainbow table is a big pre-calculated list of hashes for all possible combinations of characters. A password hash is obtained through a mathematical algorithm such as MD5, which transforms a password into something unrecognizable.

A hash is a one-way encryption: this means that, given the hash, there is no algorithm that does the inverse to recover the password. The hash is also supposed to be unique, i.e. the hash of "hello" is not the same as that of "hEllo".

Hashing is also the best-known method websites use to store passwords.


But then how do we verify that the password is correct when connecting?

Indeed, there is no decryption algorithm: the site simply recalculates the hash of the password entered and compares it with the one stored in the database. In fact, rainbow tables are similar to brute force; they simply work on hashes rather than on "plain text" passwords.

Countermeasure: Same as for brute force: make sure your passwords are complex.
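
The login check described above, as an added example that is not part of the original article. It uses a plain hash-to-password lookup table, as the article describes a rainbow table, and also shows a site-side defence the article does not cover: a random per-user salt with PBKDF2, which makes a precomputed table useless. The passwords and table contents are constructed.

```python
import hashlib
import hmac
import os

def md5_hex(password):
    """Unsalted MD5 as mentioned in the article (weak, kept here for comparison)."""
    return hashlib.md5(password.encode()).hexdigest()

def verify_md5(password, stored_hex):
    """Login check: recompute the hash and compare it with the stored one."""
    return hmac.compare_digest(md5_hex(password), stored_hex)

# Constructed precomputed table (hash -> password), built once and reusable
# against any database that stores unsalted MD5.
PRECOMPUTED = {md5_hex(p): p for p in ["password", "hello", "qwerty"]}

def lookup(stored_hex):
    """Return the password for a stored hash if the table contains it, else None."""
    return PRECOMPUTED.get(stored_hex)

def store_salted(password, iterations=100_000):
    """Assumed alternative scheme: PBKDF2-HMAC-SHA256 with a random per-user salt."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def verify_salted(password, record):
    """Login check for the salted scheme: recompute with the stored salt."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)

if __name__ == "__main__":
    # Two constructed users who picked the same password.
    alice, bob = md5_hex("hello"), md5_hex("hello")
    print("unsalted rows identical:", alice == bob)
    print("table lookup recovers:", lookup(alice))
    a_rec, b_rec = store_salted("hello"), store_salted("hello")
    print("salted rows identical:", a_rec[2] == b_rec[2])
    print("table lookup on salted row:", lookup(a_rec[2].hex()))
    print("login still works:", verify_salted("hello", a_rec))
```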


6. Guessing the password
  

To explain how a password is found by guessing, I'll start this last technique with a simple example: after repeated incorrect entries of a password, some systems display a hint left by the user himself.
This hint is supposed to let only him remember the password. But a hint like "my family name" is almost the same as giving the password directly to anyone.
I also mentioned in another article that seeing someone type "JaimeFaceb" on a keyboard is enough to guess the rest of the password. A few seconds of quietly watching a keyboard is therefore all an attacker needs to grab your password, unseen and unnoticed.
Countermeasure: Do not use your full name, date of birth, telephone numbers, age, etc. in your passwords. Create passwords that only you know and that are at least somewhat complicated to guess.
EDIT: Two other techniques proposed by John Doe in the comments:
7) If someone leaves his computer unattended, there is an easy way to get the key to his WiFi network. You click on the network connection icon and go to the properties. Eventually you will find a check box that displays the real characters instead of the usual stars hiding the password.
8) When a password is too complex, a large percentage of people write it on a piece of paper that they stick inside the top drawer of the desk.
 

 
  