Password Security: Meaning, Types Of Password Attacks And Prevention


Introduction

In this article, we look at password security and some of the attacks that can breach it, ranging from how attackers scan networks to get our credentials, to phishing attacks where attackers mimic sites, to how brute-force attacks are performed. Knowledge of online safety is imperative, and we need to be aware of how these attacks are carried out so that we won’t fall victim.

Password Security

Before digging into the meaning of password security, let’s establish what a password is; we can’t understand what securing a password means without understanding the password itself.

In layman's terms, a password is a secret phrase used for authentication or access. A password can be defined as a coded phrase or term that authorized individuals use to demonstrate their legitimacy when requesting information or access. With that in mind, let’s look at the meaning of password security and some of the subdomains under it.

Password security is the combination of policies, processes, and technologies that make passwords and authentication methods more secure. It’s all about knowing how to protect passwords from attackers. Even though we use different or unique passwords, attackers still find ways of getting our credentials by performing some tricks and hacks.

Types of Password Attacks

There are different types of password attacks, each carried out in a different way. In this article we will learn how some of these attacks are performed and how to prevent them.

1. Wifi Traffic Monitoring Attacks - These attacks involve scanning or watching over the victim's networks. In a traffic analysis attack, a hacker attempts to connect to the same network as you so they can listen to (and record) all of your network communication.

The hacker can then examine that traffic to find out information about you or your business. Unlike other, more well-known attacks, no one is actively attempting to break into your computers or guess your password. As a result, we categorize this attack as passive.

One example of a traffic monitoring attack is the DoS attack, which stops authorized users from using the compromised device or network. It can be detected by identifying common warning signs of DoS attacks, like slow network performance or unavailable websites.

2. Tab Nabbing - Tabnabbing is a type of phishing attack that manipulates inactive web pages. It happens when users close an open tab, allowing malicious hackers the chance to reroute the site to an alternative one that they control. The goal of tabnabbing is the same as that of conventional phishing, in which attackers use an email or link to direct victims to their websites.

One way of detecting a tabnabbing attack is to check the site for typos. The attacker cannot take hold of the entire site; instead, the attacker can mimic only the login page, which may contain some typos.

3. Keylogging - Keystroke logging, or "Keylogging," is the technique of secretly recording input signals from a keyboard into a computer while the computer user is unaware of it. Keylogging can be carried out using a variety of techniques, including software and hardware.

These techniques include low-level rootkits, operating system-level API-based programs, hardware devices connected in line with keyboard connections, and analysis of electromagnetic signals emitted by a target keyboard from up to 20 meters (66 feet) away.

Keylogging features are frequently included in different types of botnet malware (like the Zeus Trojan) with the intention of capturing users' personal or financial information.

The warning signs of a keylogger program on your computer are simple: a slow browser, a lag in mouse movements or keystrokes, or a disappearing cursor. A keylogger can track you even if you're using one of the best browsers for privacy.

4. Bruteforce Attacks - A brute force attack is a hacking technique that makes use of trial and error to break encryption keys, passwords, and login credentials. It is a straightforward but effective strategy for getting unauthorized access to user accounts, company systems, and networks. Until they discover the proper login information, the hacker tries a variety of usernames and passwords, frequently utilizing a computer to test a wide range of combinations.

The term "brute force" refers to attacks that utilize excessive force in an effort to obtain user accounts. Despite being a tried-and-true type of hacking, brute force attacks continue to be a favourite among hackers.

5. Dictionary Attacks - A dictionary attack is a structured approach to password guessing that uses a large number of common words and their straightforward variations. The name of the attack comes from the fact that attackers use huge lists of the most popular pet names, fictional characters, and dictionary phrases. They also convert some letters to digits or other special characters, such as "p@ssw0rd."

This method is used by hackers to access online accounts, but they may also use it to decrypt files, which is a far greater issue. The majority of people make at least some attempt to protect their social media or email accounts. To secure the files they share with other individuals, however, they choose straightforward, easy phrases.

Those files would be very simple to intercept if transferred over a risky connection, and a dictionary attack to guess the password wouldn't be difficult either.
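The following password check is an added example, not part of the original article. It shows why a variation such as "p@ssw0rd" offers no protection against a dictionary attack: a defender can reduce a proposed password to its base word the same way an attacker's wordlist rules do and reject it. The wordlist, substitution table and function names are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a large
# list of common passwords, names and dictionary words.
COMMON_WORDS = {"password", "dragon", "letmein", "monkey", "superman", "qwerty"}

# Substitutions a dictionary attack undoes trivially (assumed, not exhaustive).
LEET_MAP = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                          "3": "e", "$": "s", "5": "s", "7": "t"})

# Digits and symbols padded onto the front or back of a word, e.g. "123!".
AFFIXES = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def candidate_words(password: str) -> set:
    """Return the base words this password reduces to under simple rules."""
    lowered = password.lower()
    return {
        # Undo substitutions first: "p@ssw0rd" -> "password"
        AFFIXES.sub("", lowered.translate(LEET_MAP)),
        # Strip padding first, then undo: "Dr4g0n2024" -> "dragon"
        AFFIXES.sub("", lowered).translate(LEET_MAP),
    }


def is_dictionary_guessable(password: str) -> bool:
    """True if any reduced form of the password is a listed common word."""
    return not candidate_words(password).isdisjoint(COMMON_WORDS)


if __name__ == "__main__":
    for pw in ["p@ssw0rd", "Password123!", "Dr4g0n2024", "x7#Lq9!vTz2m"]:
        print(pw, "->", "reject" if is_dictionary_guessable(pw) else "accept")
```
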

6. Man-in-the-Middle Attack - Man-in-the-middle (MitM) attacks occur when a hacker or compromised system sits in the middle of two uncompromised people or systems and deciphers the information they exchange, including passwords.

If Alice and Bob are passing notes in class and Jeremy is required to relay those notes, Jeremy has the opportunity to be the man in the middle.

Similarly, Equifax removed its apps from the App Store and Google Play in 2017 because they were transmitting sensitive data over insecure channels where hackers could steal customer information.

To help prevent man-in-the-middle attacks:

- Enable encryption on your router. If your modem and router can be accessed by anyone off the street, they can use "sniffer" technology to see the information that is passed through them.

- Use strong credentials and two-factor authentication. Many router credentials are never changed from the default username and password. If a hacker gets access to your router administration, they can redirect all your traffic to their hacked servers.

- Use a VPN. A secure virtual private network (VPN) will help prevent man-in-the-middle attacks by ensuring that all the servers you send data to are trusted.

7. Credential Stuffing - If you've suffered a hack in the past, you know that your old passwords were likely leaked onto a disreputable website. Credential stuffing takes advantage of accounts that never had their passwords changed after an account break-in. Hackers will try various combinations of former usernames and passwords, hoping the victim never changed them.

To help prevent credential stuffing:

- Monitor your accounts. There are paid services that will monitor your online identities, but you can also use free services like haveIbeenpwned.com to check whether your email address is connected to any recent leaks.

- Regularly change your passwords. The longer one password goes unchanged, the more likely it is that a hacker will find a way to crack it.

- Use a password manager. Like a dictionary attack, many credential-stuffing attacks can be avoided by having a strong and secure password. A password manager helps maintain those.

How to Protect Yourself from Password Attacks

  1. One way of preventing traffic monitoring attacks is to keep your software constantly updated and to connect only to safe wifi networks.

  2. Avoid having too many tabs open at once.

  3. To prevent keyloggers from stealing your personal information, you need to take preventive measures and add an extra layer of security.

  4. You can reduce the risk of brute-force attacks by using strong passwords, limiting login attempts, monitoring IP addresses and using two-factor authentication (2FA).

  5. You can reduce the risk of dictionary attacks by using strong passwords and 2FA.
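The sketch below is an added example, not part of the original article, of what "limiting login attempts" and "monitoring IP addresses" can look like on the server side: it counts failed logins per account in a sliding window and watches for one IP address failing against many different accounts, the pattern credential stuffing produces. The thresholds, class and function names, and the sample events are assumptions for illustration, and events are assumed to arrive in time order.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune them to your own traffic.
MAX_FAILURES_PER_ACCOUNT = 5   # failed logins on one account per window
MAX_ACCOUNTS_PER_IP = 3        # distinct accounts one IP fails against
WINDOW_SECONDS = 300


class LoginMonitor:
    def __init__(self):
        self.by_user = defaultdict(deque)  # username -> failure timestamps
        self.by_ip = defaultdict(deque)    # ip -> (timestamp, username)

    def record_failure(self, ts, ip, user):
        """Record one failed login and return the alerts it triggers."""
        alerts = set()
        fails = self.by_user[user]
        fails.append(ts)
        while ts - fails[0] > WINDOW_SECONDS:   # drop failures outside window
            fails.popleft()
        if len(fails) >= MAX_FAILURES_PER_ACCOUNT:
            alerts.add(("lock_account", user))  # brute force / dictionary
        seen = self.by_ip[ip]
        seen.append((ts, user))
        while ts - seen[0][0] > WINDOW_SECONDS:
            seen.popleft()
        if len({u for _, u in seen}) >= MAX_ACCOUNTS_PER_IP:
            alerts.add(("flag_ip", ip))         # credential-stuffing pattern
        return alerts


def analyze(events):
    """events: iterable of (unix_seconds, source_ip, username, success)."""
    monitor, alerts = LoginMonitor(), set()
    for ts, ip, user, success in events:
        if not success:
            alerts |= monitor.record_failure(ts, ip, user)
    return alerts


# Constructed sample events using documentation IP ranges.
SAMPLE_EVENTS = (
    [(t, "203.0.113.7", "alice", False) for t in (0, 10, 20, 30, 40)]
    + [(100, "198.51.100.9", "bob", False), (101, "198.51.100.9", "carol", False),
       (102, "198.51.100.9", "dave", False)]
    + [(200, "192.0.2.4", "erin", False), (1000, "192.0.2.4", "erin", True)]
)
```
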

Conclusion

We need to understand the need for password security so that we won’t become victims of the password attacks explained above. Remember, attackers are looking for ways to steal people's credentials every day, so make sure you are cyber secure and educated. Stay safe!

Written By: Promesa