If someone (call him Dave) chooses a weak password for a website, say one of many thousands of easily hacked passwords like “123454321AbC”, how is a hacker able to access Dave’s account on the site?
Because there are a LOT of weak passwords. Why wouldn’t relative obscurity save this user if the website adopted a simple, well-known process in which, say, 4 wrong entries of a password disables the account until a user manually calls in and verifies, and in this way a hacker would never have the opportunity to go through the very large set of weak passwords for Dave?
There are dictionary attacks that will go through words and common passwords. They also are onto your trick of replacing a with @. They can go through these dictionaries very fast.
However, if you have an account lockout after incorrect guesses as you say, then this attack won’t work. You will need a secure way of unlocking the account if you take this approach, so you most often see this protection on staff logins to corporate systems, rather than public websites.
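The lockout policy discussed above, as an added example that is not part of the original question or answer: the class `LockoutAuth`, its method names and the guess list are constructed for illustration. It shows that once the fourth wrong entry locks the account, even the correct password is refused until someone performs the manual unlock.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 4  # threshold taken from the question above


class LockoutAuth:
    """Per-account failure counter with a hard lock that needs a manual unlock."""

    def __init__(self):
        self._users = {}  # username -> salt, hash, failures, locked

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, username, password):
        salt = os.urandom(16)
        self._users[username] = {"salt": salt, "hash": self._hash(password, salt),
                                 "failures": 0, "locked": False}

    def login(self, username, password):
        user = self._users.get(username)
        if user is None:
            return "denied"
        if user["locked"]:
            return "locked"  # checked before the password: a correct guess still fails
        if hmac.compare_digest(self._hash(password, user["salt"]), user["hash"]):
            user["failures"] = 0  # a successful login resets the counter
            return "ok"
        user["failures"] += 1
        if user["failures"] >= MAX_FAILURES:
            user["locked"] = True
            return "locked"
        return "denied"

    def manual_unlock(self, username):
        # Stand-in for the "call in and verify" step; identity proofing happens elsewhere.
        self._users[username].update(failures=0, locked=False)


def demo():
    auth = LockoutAuth()
    auth.register("dave", "123454321AbC")
    # Constructed guess list; the fifth entry is Dave's real password.
    guesses = ["password", "123456", "qwerty", "letmein", "123454321AbC"]
    return auth, [auth.login("dave", g) for g in guesses]
```

The lock check runs before the password comparison, which is what stops a long guess list from ever reaching the right entry; the cost is that anyone can lock Dave out with four bad guesses, so the unlock path has to be trustworthy.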