What is a dictionary attack?
A dictionary attack is a form of hacking where a computer, or a collective group of computers (known as a botnet), is used to rapidly attempt to access an account, with the aim of stealing precious information such as credit card details, email addresses, phone numbers and more. This information is often sold on to criminal organisations to use however they please. This method of hacking works by singling out a user (their username could be displayed online or easy to figure out) and trying thousands of commonly used passwords to gain access.
Why is a dictionary attack dangerous?
Any user who ensures their passwords are complex need not worry about this, but easy-to-guess and common passwords are always at the top of the database of passwords to try in a dictionary attack. You can find a list of some of the most common passwords here. According to studies, 91% of all user passwords are found in the most common 1000 passwords. If a hacker has the resources to make 5000 guesses of a password per minute, then 9 out of 10 users’ accounts would be compromised within just 12 seconds! Further to this, over half of users use passwords from the top 25 entries of most common passwords, making it even easier for these to be guessed. Whilst a lot of places where you log in encourage a secure password, there are some which actually restrict complexity, meaning their accounts are more liable to dictionary attacks from hackers. One notable example we found was Microsoft Office 365. When trying to enter a secure secret password, we found you could not enter a password of more than 16 characters! It is these kinds of limits that restrict people and hence encourage them to use simpler passwords.
How can I keep my account secure?
We have found the best ways to keep your account secure are to:
- Make sure your password (or any variation of it) does not appear in the list of top used passwords!
- Ensure your password contains at least one number and one special character
- Do not use memorable dates that others could find out, such as your date of birth or anniversary
- Try and use words which are not real, to decrease the likelihood of them being in hackers’ databases of passwords
- Use a mix of lower and upper case letters in your password to further increase your security
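The checklist above can be turned into an automatic check at the point where a password is chosen. The following Python sketch is an added example, not code from this article's authors; the short common-password set is a constructed sample standing in for a full list, the function names are hypothetical, and the "words which are not real" point is left out because it needs a full dictionary.

```python
import re

# Constructed sample; a real check would load a full common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein",
                    "dragon", "monkey", "football", "iloveyou"}

# Undo common character swaps so "P@ssw0rd" is compared as "password".
SWAPS = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                       "3": "e", "$": "s", "5": "s", "7": "t"})
PADDING = "0123456789!@#$%^&*()_-+=.?"


def base_forms(password):
    """Return normalised variations of the password for the list lookup."""
    lowered = password.lower()
    stripped = lowered.strip(PADDING)  # drop padding such as "123!" at either end
    return {lowered, stripped, lowered.translate(SWAPS), stripped.translate(SWAPS)}


def check_password(password, personal_dates=()):
    """Return the checklist items the password fails (empty list = passes)."""
    problems = []
    if base_forms(password) & COMMON_PASSWORDS:
        problems.append("common password or variation")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("no mix of upper and lower case")
    # Compare digits only, so "14/02/1990" is found inside "14021990".
    digits = re.sub(r"\D", "", password)
    date_digits = [re.sub(r"\D", "", d) for d in personal_dates]
    if any(d and d in digits for d in date_digits):
        problems.append("contains a memorable date")
    return problems


if __name__ == "__main__":
    for candidate in ("monkey", "P@ssw0rd1!", "Zurbl#Quex41vo"):
        print(candidate, "->", check_password(candidate) or "passes")
```

Note that "P@ssw0rd1!" has a number, a special character and mixed case, yet it still fails because it is only a variation of a top-list password.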
To conclude, as long as your accounts have secure passwords, you will be far safer from malicious dictionary attacks.
With a variety of other forms of attacks emerging every day online, keeping your passwords secure means one less thing to worry about.
For more information on how we can help keep your company protected online, or any other services that we can offer you, please feel free to call us on 01202 375343, or send an email to email@example.com.