Everything You Need To Know About Password Cracking

By: Shimon Brathwaite

June 24, 2021

Password cracking is the art of getting someone's password without authorization. Passwords are the main line of defense for user accounts; if someone can retrieve your account password, they can quickly gain access to everything in that account. You can imagine the damage that can occur if someone does this to your bank account, work email, Gmail, or PayPal, to name a few. Password cracking is one of the simplest attacks to perform, and it is one of the first things hackers will try to do to gain access to a computer. Here is a complete guide to understanding how password cracking works and how you can plan your company's cybersecurity program to defend against it:

Types of Password Cracking

Brute Force

This type of password cracking is when someone guesses passwords by trying every possible combination of characters. For this to be effective, it requires the use of software; it is far too slow for someone to do manually. This attack is the least specific and takes the longest time. It is usually only effective for very short passwords (fewer than eight characters long).

Dictionary Attack

This type of attack takes a list of passwords as input and tries each word from that list as a potential password. Rather than trying to guess random combinations of letters, this attack tries hundreds or thousands of the most common passwords. This can be very effective because many people use the same, simple passwords for their accounts. For example, one study found that 23 million people use the password "123456". Another variation is called a rainbow table attack, which uses precomputed hashes of commonly used passwords and compares them against stored password hashes instead of guessing each password directly.

How To Protect Against Password Cracking

Have a good password policy

You must have a good password policy to prevent users from creating easy passwords that can be guessed by modern-day software. A good password policy must be mandatory for all employees, and it should require passwords to be 8-12 characters long, including uppercase and lowercase letters, numbers, and special characters. This will make sure that it is very difficult for someone to crack your password.
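One way to enforce the policy above when a password is set, while also rejecting the common passwords a dictionary attack tries first (an added example, not part of the original article; the function name, the small constructed denylist, and treating 8 as the minimum length are assumptions):

```python
import string

# Constructed sample of very common passwords; a real deployment would load
# a much larger list (assumption: entries are stored in lowercase).
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "password1!"}

MIN_LENGTH = 8  # the article's policy gives 8-12; treated here as the minimum


def check_password(password, min_length=MIN_LENGTH, denylist=COMMON_PASSWORDS):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    # Dictionary lists include case variants, so compare case-insensitively.
    if password.lower() in denylist:
        problems.append("appears in the common-password list")
    return problems


if __name__ == "__main__":
    # Constructed candidates: a top common password, a common password that
    # still satisfies every complexity rule, and a random-looking one.
    for candidate in ["123456", "Password1!", "t7#Qm!vR2x"]:
        result = check_password(candidate)
        print(candidate, "->", "accepted" if not result else "; ".join(result))
```

The second candidate passes every length and character-class rule and is rejected only by the denylist, which is why complexity rules alone do not stop a dictionary attack.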

Use password managers

One feature users underestimate is password managers. Popular browsers like Google Chrome come with a password manager that can create extremely secure passwords and remember them for you. If this feature is available to you, you should use it because the computer will create a much more secure password than what the average user will create. You can also download third-party password managers if you do not like the password manager that your browser has.

2FA (Two-factor Authentication)

This may seem rudimentary, but it continues to be one of the most critical vulnerabilities found in businesses: a lack of two-factor authentication. Enabling 2FA will allow users to be protected even if their passwords become compromised.

Phishing Awareness

Another way that users' passwords can become compromised is through phishing emails that convince users to click on links and enter passwords into a webpage. You must train your employees on the basics of Internet safety and phishing awareness so that they do not fall victim to one of these scams.


Password cracking is the practice of getting someone's password in an unauthorized way. Weak passwords are easier for a hacker to crack. To protect yourself and your employees from this risk, you must have a good password policy to guide employees on making a strong password. If possible, have people automate this process using a password manager, and use 2FA to ensure that their accounts are safe even if the password becomes compromised. Lastly, you should train your employees to be aware of phishing emails and to identify them. This way, employees will avoid clicking on malicious links and accidentally giving away their passwords.