Password Attack Types – Brute-force Attack, Brute-force with Mask Attack, Dictionary Attack

Many cases when password is forgotten, we need to use professional password cracking tools. And every password cracking tool has password attack strategies for choice. To understand how to protect yourself from a password attack, you should become familiar with the most commonly used types of attacks so that you won’t be confused to use password cracking tools and techniques to regularly audit your own organization’s passwords and determine. This article introduced a primer of the ­­most widely used types of attacks.

Brute-force Attack: In this attack, all possible combinations of passwords apply to break the forgotten or lost password. It is generally used to crack the encryption where the passwords are saved in the form of encrypted text, and you have no clues of the password.

Since searching a hash from all possibilities is a time taking process, brute-force attack is the most time-consuming type among all the strategies. For example, if you set the password as a 8 characters and all characters are lower case letters, then there are 268 combinations for your password. However, this shows that brute-force attack is effective for smaller password.

Brute-force with Mask Attack: This is a variant of brute-force attack used when you still remember some of your password information. For example, if you remember the password character length, the first or last character. To use this attack, a password mask must be defined.

Under Brute-force, set the length for the password with “Min Length” and “Max Length”. Define the possible password character settings with “Character Set”.

password attack method

Dictionary Attack

Dictionary Attack: This type of attack is relatively faster than the two above methods. Unlike checking all the possibilities, the dictionary attack tries to match the password with most occurring words or words of daily life usage.

For example, some of us used to set the passwords related to the names of birds, familiar places, own or children’s names, birthday numbers, etc. These words can be judged by the dictionary attack. So you can make the dictionary of most commonly used words that might have been used as a password.

Though dictionary attack is faster than brute force, it has limitations such as limited words contain in the dictionary and there is a chance that it is unable to crack the password.

Shoulder Surfing: It is an alternative name of “spying” in which the attacker spies the user’s movement to get his/her password. In this attack, the attacker observes the user how he enters the password such as what keys the user has presses.

password  attack

shoulder surfing

The main aim of password is to restrict unauthorized users to access the system. The above attack methods are a small part of various password attacking methods. So if not necessary, it is highly suggested not to set up a password in case troubles of forgetting password.