Password Cracking

00:01

next. Let's look at password cracking.

00:05

So

00:06

how do militias Attackers figure out? Uses passwords?

00:10

Well, they can try variety of techniques.

00:13

A brute force attack says. Just try every possible combination of characters until you hit on the right one

00:21

Dictionary attacks.

00:23

Instead of just trying random characters, try words in the dictionary and obvious permutations.

00:29

Now, if you look at those two examples,

00:32

uppercase P at SS W. Zero RD might seem like a really clever password

00:38

because it's fairly easy to remember.

00:40

But the AI is replaced by

00:43

the at symbol

00:45

he always replaced by zero.

00:47

So you have a what's called a complex password. There's also an uppercase P and lower case letters in there,

00:53

but unfortunately, that's a very common combination that people come up with.

00:58

So that wouldn't be a good idea for a password.

01:00

Well, look, att Hello, one

01:03

that attempts to be a complex password because it has both letters and a number in it.

01:07

But frequently, when people add a number into their password, it is the number one

01:14

on the first part of it is a word in the dictionary, so that's not particularly clever either.

01:21

Another way hackers can get two passwords is to look to see if users have written it down somewhere.

01:27

So if a malicious user gets to your desk, for example,

01:32

they could look around on the desk, See if you Britain the password, like I said, you know, somewhere not very obvious, like under the keyboard, onto the mouse mat or in your top drawer, or even stuck up on the monitor or left lying around on a piece of paper.

01:47

So to guard against possible attacks,

01:49

users should be forced through policy to choose complex passwords. And by complex, we mean a mixture of lower case uppercase nono, non alphanumeric characters and numbers.

02:04

We should ensure users do not use names

02:07

like

02:07

people often tempted to use the name of their spouse there partner

02:12

their child, their pet,

02:14

their favorite movie star. And so on,

02:16

Um, or any words in the dictionary

02:21

do not use the same password for multiple. Resource is this is a very common problem now because

02:28

were now expected to log on to hundreds of different websites in the normal course of activity,

02:34

and you have to supposedly coming up with a different password for each website and each resource you connect to.

02:42

Problem is, of course, if somebody discovers your password,

02:45

they now have access to everything that uses that password.

02:49

So it's a good practice to have unique passwords for everything you connect to.