
Password and Authentication Hack


By: oluwaseunmi

August 14, 2018

A password is generally known as the secret code you input to gain access to a resource. Authentication is the process of gaining access to a resource. Passwords are a means of authentication. They are usually our only means of authentication for our online accounts. Are they hackable? Yes, very much so. How? Classic hacking of passwords comes in three forms:
  1. Birthday attack
  2. Dictionary attack
  3. Brute force attack
These are the old methods, but they are the basis of password hacking. A birthday attack is employed when an attacker tries different combinations of birthdays to guess a password. Of course, there are software programs used to do it. A dictionary attack is employed when an attacker tries to guess a password by running through all the words in the dictionary on a victim's account using a software application. A brute force attack tries all combinations of words, numbers, and characters until the password is cracked. Usually, our passwords are either numbers, names, or English (dictionary) words. That's why these techniques always work. Such hackable passwords are characterized as weak passwords.

Short Test

Which of these passwords is strongest?
  1. telephone
  2. 123456Abel
  3. R@t Sp1ce!

Countermeasures Against Password Cracking

  • Use long, strong passwords (with combinations of numbers, symbols, and letters)
  • Use password management software programs, e.g., LastPass.
Always bear in mind that the majority of successful attacks result from simple slip-ups by the user.
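
As an added example (not part of the original article), the Python check below turns the first countermeasure into a password-acceptance test and runs it on the three Short Test passwords, flagging dictionary words, predictable digit runs and a small brute-force search space. The word list, the character-swap table, the 60-bit threshold and the fourth sample password are constructed assumptions.

```python
import math
import re
import string

# Constructed mini word list; a real check would load a large leaked-password list.
WORDLIST = {"telephone", "password", "abel", "rat", "spice", "dragon"}
# Character swaps that dictionary tools reverse before matching (assumed set).
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "0": "o", "$": "s", "5": "s"})

def bruteforce_bits(password):
    """Upper bound on brute-force work: length * log2(size of alphabet in use)."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation + " ", 33)]
    pool = sum(size for chars, size in classes if any(c in chars for c in password))
    return round(len(password) * math.log2(pool), 1) if pool else 0.0

def dictionary_hits(password):
    """Words from WORDLIST found in the password, before or after undoing swaps."""
    lowered = password.lower()
    tokens = set(re.findall(r"[a-z]+", lowered))
    tokens |= set(re.findall(r"[a-z]+", lowered.translate(LEET)))
    return sorted(tokens & WORDLIST)

def has_digit_sequence(password):
    """True if any three consecutive digits count up or down (e.g. 123, 987)."""
    windows = (run[i:i + 3] for run in re.findall(r"\d{3,}", password)
               for i in range(len(run) - 2))
    return any(w in "0123456789" or w in "9876543210" for w in windows)

def audit(password, min_bits=60.0):
    """Reasons to reject a password (empty list = accept). min_bits is an assumed policy."""
    reasons = []
    hits = dictionary_hits(password)
    if hits:
        reasons.append("dictionary words: " + ", ".join(hits))
    if has_digit_sequence(password):
        reasons.append("predictable digit sequence")
    bits = bruteforce_bits(password)
    if bits < min_bits:
        reasons.append(f"brute-force space only {bits} bits")
    return reasons

if __name__ == "__main__":
    # The first three are the Short Test passwords; the last one is constructed.
    for pw in ["telephone", "123456Abel", "R@t Sp1ce!", "vK7#qe Zu2)mLw9"]:
        print(f"{pw!r:20} {bruteforce_bits(pw):5} bits  {audit(pw) or 'accept'}")
```

A long password with mixed characters can still be flagged when it is built from dictionary words with common character swaps, which is the case a password manager's random generator avoids.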

Authentication

Organizations have been advised to implement multi-factor authentication. Multi-factor authentication requests three things:
  1. What you are
  2. What you have
  3. What you know
Your password is an example of 'what you know.' The fingerprint scanner on Android devices is 'what you have.' That is called 2-factor authentication. When you make an online payment, after entering your card details (what you have), you enter your Ipin or application pin (what you know), and an OTP (One Time Password) is sent to you from the bank to verify that it is you (what you are).

Latest Hack!

The OTP we receive from banks was recently hacked by a group of cyber security researchers. How? The telephone network we currently operate on is known as SS7, Signaling System 7. A hole (vulnerability) has been discovered in SS7 that provides hackers with enough firepower to intercept text messages! So, when a hacker who means business is able to get your ATM card information, the OTP is supposed to be your last line of defense against stealing your money. Well, the hacker can intercept your text message with the right tools and get the OTP, which is in plain text!