Section 17.160 Password Attacks Flashcards
Objectives 2.4 Given a scenario, you must be able to analyse indicators of malicious activity. Objectives 4.6 Given a scenario, you must be able to implement and maintain identity and access management.
Password Attacks
Methods used by attackers to crack or recover passwords
Types of password attacks
Brute Force
Tries every possible character combination until the correct password is found
■ Effective for simple passwords but time-consuming for complex ones
Brute Force Mitigation
● Increasing password complexity and length
● Limiting login attempts
● Using multifactor authentication
● Employing CAPTCHAs
● Storing passwords as salted, slow hashes (bcrypt, scrypt, Argon2), since login limits and CAPTCHAs only slow online guessing, not offline cracking of a stolen hash
Types of password attacks
Dictionary
Uses a list of commonly used passwords (a dictionary) to crack passwords
■ May include variations with numbers and symbols
■ Effective against common, easy-to-guess passwords
■ Attacker dictionaries are kept current and already include the common variations with numbers and special characters, so simple substitutions offer little protection
Dictionary Mitigation
Increase password complexity and length, limit login attempts, use multifactor authentication, and employ CAPTCHAs
Types of password attacks
Password Spraying
A form of brute force attack that tries a few common passwords against many usernames or accounts
■ Effective because the one or two attempts per account stay under lockout thresholds, and only one user with a weak or reused password is needed for the attacker to get in
Password Spraying Mitigation
Use unique passwords, implement multifactor authentication, and monitor for failed logins against many different accounts from a single source, which per-account lockout alone will not catch
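Added example (not part of the original flashcards): detection logic for the spraying pattern described above, run over constructed authentication log lines. The log format, usernames and addresses are made up for illustration and do not correspond to any real product. It shows why a per-account lockout policy misses a spray, while counting distinct failed usernames per source catches it, and it lists the accounts the sprayer did get into.

```python
"""Password spraying detection over constructed auth log lines.
Added example; the log format, users and source addresses are invented."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. 203.0.113.7 sprays one guess across many accounts
# (and gets into heidi); 192.0.2.10 hammers a single account; the rest is normal.
LOG = """\
2024-05-01T09:00:01 FAIL user=alice src=203.0.113.7
2024-05-01T09:00:02 FAIL user=bob src=203.0.113.7
2024-05-01T09:00:03 FAIL user=carol src=203.0.113.7
2024-05-01T09:00:04 FAIL user=dave src=203.0.113.7
2024-05-01T09:00:05 FAIL user=erin src=203.0.113.7
2024-05-01T09:00:06 FAIL user=frank src=203.0.113.7
2024-05-01T09:00:07 FAIL user=grace src=203.0.113.7
2024-05-01T09:00:08 OK user=heidi src=203.0.113.7
2024-05-01T09:00:30 OK user=alice src=198.51.100.4
2024-05-01T09:00:45 FAIL user=bob src=198.51.100.9
2024-05-01T09:01:10 FAIL user=dave src=192.0.2.10
2024-05-01T09:01:11 FAIL user=dave src=192.0.2.10
2024-05-01T09:01:12 FAIL user=dave src=192.0.2.10
2024-05-01T09:01:13 FAIL user=dave src=192.0.2.10
2024-05-01T09:01:14 FAIL user=dave src=192.0.2.10
2024-05-01T09:01:15 FAIL user=dave src=192.0.2.10
"""

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")


def parse_line(line):
    """Parse one constructed log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, result, user, src = m.groups()
    return {"ts": datetime.fromisoformat(ts), "ok": result == "OK",
            "user": user, "src": src}


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


EVENTS = parse_log(LOG)


def locked_accounts(events, threshold=5, window=timedelta(minutes=15)):
    """Accounts a per-account lockout policy would lock: >= threshold failures
    within a sliding window. A sprayer sending one guess per account never trips it."""
    per_user = defaultdict(deque)
    locked = set()
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["ok"]:
            continue
        q = per_user[e["user"]]
        q.append(e["ts"])
        while q and e["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold:
            locked.add(e["user"])
    return locked


def spray_sources(events, min_users=5, window=timedelta(minutes=15)):
    """Sources with failed logins against >= min_users distinct accounts within
    the window. Returns {src: max distinct accounts seen in one window}."""
    per_src = defaultdict(deque)
    flagged = {}
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["ok"]:
            continue
        q = per_src[e["src"]]
        q.append((e["ts"], e["user"]))
        while q and e["ts"] - q[0][0] > window:
            q.popleft()
        distinct = {u for _, u in q}
        if len(distinct) >= min_users:
            flagged[e["src"]] = max(flagged.get(e["src"], 0), len(distinct))
    return flagged


def spray_hits(events, flagged):
    """Accounts that logged in successfully from a flagged spraying source:
    these are the ones to reset and review first."""
    return {e["user"] for e in events if e["ok"] and e["src"] in flagged}


if __name__ == "__main__":
    flagged = spray_sources(EVENTS)
    print("locked by per-account policy:", locked_accounts(EVENTS))
    print("spraying sources:", flagged)
    print("accounts the sprayer got into:", spray_hits(EVENTS, flagged))
```

The per-account lockout locks only dave, the single account under brute force, and says nothing about the spray; the per-source distinct-user count flags 203.0.113.7 and points straight at heidi's successful login from that source. Thresholds and window length are tuning choices; shared NAT addresses and VPN egress points will need higher thresholds or a different key, such as user agent or session identifier.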
Types of password attacks
Hybrid
Combines elements of brute force and dictionary attacks
■ May include variations, such as adding numbers or special characters to passwords
■ Can use a static dictionary or dynamically create variations
■ Effective for discovering passwords following specific patterns
Hybrid Mitigation
Same controls as for brute force and dictionary attacks: increase password complexity and length, limit login attempts, use multifactor authentication, and employ CAPTCHAs
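Worked example, added here and not part of the original flashcards: the three offline guessing strategies from the brute force, dictionary and hybrid cards run against constructed, unsalted SHA-256 hashes. The hashes, the five-word wordlist and the mangling rules are all invented for illustration; real cracking tools such as hashcat and John the Ripper use the same three strategies with far larger wordlists and rule sets. The keyspace function shows the arithmetic behind "time-consuming for complex ones".

```python
"""Offline password guessing: brute force, dictionary and hybrid (dictionary
plus mangling rules) against constructed, unsalted SHA-256 hashes.
Added example; the hashes, wordlist and rules are made up for illustration."""
import hashlib
import itertools
import string


def sha256_hex(password: str) -> str:
    """Stand-in for the target's password hash; unsalted SHA-256 is the weak case."""
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed targets: each one is meant to fall to a different strategy.
TARGETS = {
    "alice": sha256_hex("abc1"),         # short: brute force finds it
    "bob": sha256_hex("letmein"),        # common word: dictionary finds it
    "carol": sha256_hex("Summer2024!"),  # word + year + symbol: hybrid finds it
}

# Constructed wordlist; real ones hold millions of entries.
WORDLIST = ["password", "letmein", "summer", "welcome", "qwerty"]


def keyspace(alphabet_size: int, max_len: int) -> int:
    """Candidates a brute force must cover for all lengths 1..max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def brute_force(target_hash, alphabet=string.ascii_lowercase + string.digits, max_len=4):
    """Try every combination up to max_len. Returns (password, guesses made)."""
    guesses = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            guesses += 1
            candidate = "".join(combo)
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


def dictionary(target_hash, wordlist=WORDLIST):
    """Try each wordlist entry as-is. Returns (password, guesses made)."""
    for guesses, word in enumerate(wordlist, start=1):
        if sha256_hex(word) == target_hash:
            return word, guesses
    return None, len(wordlist)


def hybrid_candidates(word):
    """Mangling rules for one wordlist entry: case change, appended year, appended suffix."""
    bases = (word, word.capitalize(), word.upper())
    years = [""] + [str(y) for y in range(2020, 2026)]
    suffixes = ["", "!", "1", "123"]
    for base, year, suffix in itertools.product(bases, years, suffixes):
        yield base + year + suffix


def hybrid(target_hash, wordlist=WORDLIST):
    """Dictionary words expanded by hybrid_candidates. Returns (password, guesses made)."""
    guesses = 0
    for word in wordlist:
        for candidate in hybrid_candidates(word):
            guesses += 1
            if sha256_hex(candidate) == target_hash:
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    for user, h in TARGETS.items():
        print(user, "dictionary:", dictionary(h), "hybrid:", hybrid(h))
    print("alice brute force:", brute_force(TARGETS["alice"]))
    # Why length and alphabet size matter: 8 printable ASCII characters is ~6.6e15 candidates,
    # versus ~1.7e6 for up to 4 lowercase letters and digits.
    print("keyspace 36^1..4:", keyspace(36, 4), " keyspace 95^1..8:", keyspace(95, 8))
```

Each strategy is a different trade-off between coverage and cost: brute force covers everything in its keyspace but that keyspace explodes with length, the plain dictionary is cheap but only finds exact matches, and the hybrid multiplies each word by its rule set to catch the "Summer2024!" patterns people actually use. A slow, salted hash changes none of the guess counts but makes every one of those guesses cost far more.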