Networks, databases and accounts require strong passwords. If a password is short or otherwise weak, it will create a vulnerability that increases the risk of a cyber attack. There are many different types of password attacks. A password attack, of course, is a threat that involves a password. By understanding the most common types of password attacks, you can implement safeguards in your business’s information technology (IT) infrastructure to prevent them.
#1) Brute Force
Brute force is a type of password attack that involves a trial-and-error approach to a login form. During a brute-force cyber attack, a hacker will use software to enter a random combination of usernames and passwords. Brute-force software can often spam thousands of username and password combinations per minute. Alternatively, hackers can perform brute-force password attacks manually by entering the username and password combinations themselves.
#2) Man-in-the-Middle
Man-in-the-middle (MITM) password attacks involve the disruption of communications between a victim and the protected system he or she is trying to access. When logging in to an online bank account, for instance, you’ll have to send your username and password to the banking website. During a MITM password attack, a hacker will intercept the data packets that you send to the banking website in hopes of stealing your login credentials.
#3) Keylogger
We can’t talk about password attacks without mentioning keyloggers. Keylogger password attacks are those that leverage malware known as a keylogger. If your computer is infected with a keylogger, it will capture your keystrokes. Assuming you type a password — as opposed to using a biometrics method of authentication — the hacker who deployed the keylogger may steal your password.
#4) Phishing
Phishing can expose your passwords to a hacker. Phishing refers to any social engineering threat. Social engineering threats are those that seek to trick victims into providing their passwords or other sensitive information. There are phishing emails that look like real emails from legitimate brands. If you click a link in a phishing email, though, you may expose your password to the hacker who sent it.
#5) Credential Stuffing
Credential stuffing password attacks involve stolen usernames and passwords, which are “stuffed” into various login forms. Many people use the same login credentials for multiple accounts or websites. With credential stuffing, a hacker will know the username and password to at least one of your accounts. The hacker will then attempt to use those login credentials for other accounts.
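Brute force and credential stuffing leave different traces in login logs: the first piles many failures onto the same account, while the second touches many accounts once each. The following is an added example, not part of the original article, that tells the two apart; the log format, the thresholds and the function names are assumptions made for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed log lines: '<epoch seconds> <source ip> <username> <OK|FAIL>'."""
    lines = [f"{1000 + i} 203.0.113.5 alice FAIL" for i in range(12)]
    lines += [f"{2000 + i} 198.51.100.7 user{i} {'OK' if i == 9 else 'FAIL'}"
              for i in range(12)]
    # An ordinary user who mistypes twice and then logs in.
    lines += ["3000 192.0.2.10 bob FAIL", "3005 192.0.2.10 bob FAIL",
              "3010 192.0.2.10 bob OK"]
    return lines

def classify(lines, window=60, min_failures=10, guesses_per_user=5):
    """Flag source IPs with >= min_failures failed logins inside `window` seconds.

    Many failures per username looks like brute force; roughly one attempt per
    username across many usernames looks like credential stuffing.
    Thresholds are illustrative assumptions, not recommended values.
    """
    by_ip = defaultdict(list)
    for line in lines:
        ts, ip, user, result = line.split()
        by_ip[ip].append((int(ts), user, result))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            fails = [e for e in events[start:end + 1] if e[2] == "FAIL"]
            if len(fails) < min_failures:
                continue
            users = {e[1] for e in fails}
            heavy = len(fails) / len(users) >= guesses_per_user
            findings[ip] = {
                "kind": "brute_force" if heavy else "credential_stuffing",
                # Any account that logged in from a flagged source needs a reset.
                "accounts_to_reset": sorted({u for _, u, r in events if r == "OK"}),
            }
            break
    return findings

if __name__ == "__main__":
    for ip, finding in classify(build_sample()).items():
        print(ip, finding)
```

A successful login from a flagged source, such as user9 in the constructed sample, is the signal to force a password reset on that account.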