If someone (call him Dave) chooses a weak password for a website, say one of many thousands of easily hacked passwords like “123454321AbC” how is a a hacker able to access the Dave’s account on the site?
Because there are a LOT of weak passwords. Why wouldn’t relative obscurity save this user if the website adopted a simple, well-known process in which, say, 4 wrong entries of a password disables the account until a user manually calls in and verifies, and in this way a hacker would never have the opportunity to go through the very large set of weak passwords for Dave?
In: 0
a malicious user will never really try to brute force a password, its a wate of time and computing power(plus most secure pages will limit your attempts as a measure to avoid this).
instead what would most likely happen is that the actor would try to get a hold of the page’s database where said passwords are held evne if encrypted so that instead of trying ALL passwords, it only has to attempt the passwords used by the known users: this is known as a **dictionary attack**. thissort of attack doesnt evne need that’s page’s database, just a database where itcan determine that there is a connection(as most people tend ot reuse passwords.)
instead of trying every single word, it tries every word it knows its being used.
Latest Answers