Password and Authentication Hack

August 14, 2018 | Views: 8009


A password is generally understood to be the secret code you enter to gain access to a resource. Authentication is the process of gaining access to a resource. Passwords are a means of authentication, and they are usually our only means of authentication for our online accounts. Are they hackable? Yes, very much so.

How?

Classic hacking of passwords comes in three forms:

  1. Birthday attack
  2. Dictionary attack
  3. Brute-force attack

These are the old methods, but they are the basis of password hacking. A birthday attack is employed when an attacker tries different combinations of birthdays to guess a password. Of course, there are software programs used to do it. A dictionary attack is employed when an attacker tries to guess a password by running through all the words in the dictionary on a victim’s account using a software application. A brute-force attack tries all combinations of words, numbers, and characters until the password is cracked. Usually, our passwords are either numbers, names, or English (dictionary) words. That’s why these techniques always work. Such hackable passwords are characterized as weak passwords.

Short Test

Which of these passwords is strongest?

  1. telephone
  2. 123456Abel
  3. R@t Sp1ce!

Countermeasures Against Password Cracking

  • Use long, strong passwords (with combinations of numbers, symbols, and letters)
  • Use password management software programs, e.g., LastPass.

Always bear in mind that the majority of successful attacks result from simple slip-ups by the user.
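
An added example (not part of the original article): a small checker that applies the dictionary and brute-force ideas above to the three passwords from the short test. The sample wordlist, the 60-bit threshold and all function names are assumptions made for illustration.

```python
import math
import re
import string

# Constructed sample list. A real check would load a large wordlist of
# dictionary words, names and common number sequences.
GUESSABLE = {"telephone", "abel", "123456", "password", "qwerty"}

MIN_BITS = 60  # assumed threshold for this example, not a standard


def search_space_bits(password):
    """Bits of work for an exhaustive (brute-force) search over the
    character classes this password actually uses."""
    alphabet = 0
    if re.search(r"[a-z]", password):
        alphabet += 26
    if re.search(r"[A-Z]", password):
        alphabet += 26
    if re.search(r"[0-9]", password):
        alphabet += 10
    if re.search(r"[^a-zA-Z0-9]", password):
        alphabet += len(string.punctuation) + 1  # symbols plus space
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def guessable_parts(password):
    """Letter runs and digit runs found in the wordlist. This simple
    check does not undo substitutions such as '@' for 'a'."""
    runs = re.findall(r"[a-z]+|[0-9]+", password.lower())
    return [r for r in runs if r in GUESSABLE]


def assess(password):
    """Apply the dictionary check first, then the brute-force estimate."""
    parts = guessable_parts(password)
    if parts and sum(len(p) for p in parts) == len(password):
        return "weak: made only of guessable words/numbers"
    if search_space_bits(password) < MIN_BITS:
        return "weak: small brute-force search space"
    return "passes both checks"


if __name__ == "__main__":
    for pw in ["telephone", "123456Abel", "R@t Sp1ce!"]:  # from the short test
        print(f"{pw!r}: {search_space_bits(pw):.1f} bits, {assess(pw)}")
```
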

Authentication

Organizations have been advised to implement multi-factor authentication.

Multi-factor authentication requests three things:

  1. What you are
  2. What you have
  3. What you know

Your password is an example of ‘what you know.’ The fingerprint scanner on Android devices is ‘what you have.’ That is called 2-factor authentication. When you make online payments, after entering your card details (what you have), you enter your Ipin or application PIN (what you know), and an OTP (One-Time Password) is sent to you from the bank to verify that it is you (what you are).

Latest Hack!

The OTP we receive from banks was recently hacked by a group of cyber security researchers. How? The telephone network we operate on currently is known as SS7, Signaling System 7. A hole (vulnerability) has been discovered in SS7 that provides hackers with enough firepower to intercept text messages! So, when a hacker who means business is able to get your ATM card information, the OTP is supposed to be your last line of defense against stealing your money. Well, the hacker can intercept your text message with the right tools and get the OTP, which is in plain text!
