ELI5: If someone chooses a weak password


If someone (call him Dave) chooses a weak password for a website, say one of many thousands of easily hacked passwords like “123454321AbC”, how is a hacker able to access Dave’s account on the site?

Because there are a LOT of weak passwords. Why wouldn’t relative obscurity save this user if the website adopted a simple, well-known process in which, say, 4 wrong entries of a password disables the account until a user manually calls in and verifies, and in this way a hacker would never have the opportunity to go through the very large set of weak passwords for Dave?


7 Answers

Anonymous 0 Comments

So many tricks.

One is not going through the login/password process *on the site*, but getting the database from the site.

Another is running an algorithm cracker on the site: this takes millions of different logins and attempts them, then intercepts the hashed outputs, connects them to the correct login attempt and attempts to rebuild the algorithm in use. It’s validated by attempting what it thinks is a correct password on the site, and the easiest ones to try are the “weak” passwords…so Dave’s weak password would probably be one of the first ones to succeed. This sort of attack doesn’t work on hash-and-salt encryption, so the site would have to have weak algorithms, too, but…

Just get a little bit creative and I’m sure you can think of a hundred other ways to get a weak password. How would *you* do it?
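
Added example, not part of the original answer: a Python sketch of the "getting the database" point above, showing why a login lockout does not protect a weak password once unsalted hashes leak, and what per-user salts, a slow hash and a signup check change. The usernames, the four-entry weak list, the 12-character minimum and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a public list of common passwords.
WEAK_LIST = ["123456", "password", "qwerty", "123454321AbC"]

def store_unsalted(password):
    """Weak storage: one fast hash, no salt. Same password -> same hash."""
    return hashlib.sha256(password.encode()).hexdigest()

def audit_leak(leaked, weak_list=WEAK_LIST):
    """Which accounts in a leaked {user: unsalted_hash} table used a listed
    password? One precomputed table covers every user, and no login
    attempt is made, so the site's lockout counter never increments."""
    table = {store_unsalted(p): p for p in weak_list}
    return {user: table[h] for user, h in leaked.items() if h in table}

def store_salted(password, iterations=100_000):
    """Stronger storage: random per-user salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key

def verify_salted(password, record):
    """Recompute the KDF with the stored salt and compare in constant time."""
    salt, iterations, key = record
    guess = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(guess, key)

def acceptable_at_signup(password, weak_list=WEAK_LIST):
    """Salting only raises the cost per guess; a listed password is still
    among the first guesses, so refuse it when the account is created."""
    return len(password) >= 12 and password not in weak_list

if __name__ == "__main__":
    # Constructed accounts: one listed password, one unlisted.
    leaked = {"dave": store_unsalted("123454321AbC"),
              "erin": store_unsalted("vX9#rL2q!mT0zk")}
    print(audit_leak(leaked))
    a, b = store_salted("123454321AbC"), store_salted("123454321AbC")
    print(a[2] != b[2], verify_salted("123454321AbC", a))
    print(acceptable_at_signup("123454321AbC"))
```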
