ELI5: If someone chooses a weak password


If someone (call him Dave) chooses a weak password for a website, say one of many thousands of easily hacked passwords like “123454321AbC”, how is a hacker able to access Dave’s account on the site?

Because there are a LOT of weak passwords. Why wouldn’t relative obscurity save this user if the website adopted a simple, well-known process in which, say, 4 wrong entries of a password disables the account until a user manually calls in and verifies, and in this way a hacker would never have the opportunity to go through the very large set of weak passwords for Dave?


7 Answers

Anonymous

Hackers don’t usually try every password against the actual website.

Instead they find a way to get the website’s user database. The database holds the users’ passwords, but they are supposed to be hashed (kinda like encrypted but not exactly). The only way to find the user’s password is to brute force it and see if its hash matches the one stored in the database. If the password is weak, brute forcing it would be simple.
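An added example, not part of the answer above or any real site's code: it contrasts guessing through a login form that locks after 4 failures with checking the same guesses against a leaked password record, and shows what a salted, slow hash changes. The `Site` class, the word list, and the choice of PBKDF2 with 200,000 iterations are assumptions made for illustration.

```python
import hashlib, hmac, os, time

# Constructed sample data: a tiny "common passwords" list ending in Dave's password.
COMMON = ["password", "qwerty123", "letmein", "iloveyou", "dragon", "123454321AbC"]
MAX_ATTEMPTS = 4  # the lockout rule from the question

class Site:
    """Hypothetical site: login form with lockout, plus one stored password record."""
    def __init__(self, password, slow):
        self.slow = slow
        self.salt = os.urandom(16) if slow else b""
        self.stored = self.digest(password)
        self.failed = 0

    def digest(self, guess):
        if self.slow:  # salted and deliberately expensive (PBKDF2)
            return hashlib.pbkdf2_hmac("sha256", guess.encode(), self.salt, 200_000)
        return hashlib.sha256(guess.encode()).digest()  # fast and unsalted

    def login(self, guess):
        if self.failed >= MAX_ATTEMPTS:
            return "locked"
        if hmac.compare_digest(self.digest(guess), self.stored):
            return "ok"
        self.failed += 1
        return "wrong"

def online_guessing(site, wordlist):
    """Guesses sent through the login form: the lockout stops them."""
    result = "wrong"
    for guess in wordlist:
        result = site.login(guess)
        if result != "wrong":
            break
    return result

def offline_check(site, wordlist):
    """Guesses hashed locally against a leaked record: login() is never called."""
    start = time.perf_counter()
    for tried, guess in enumerate(wordlist, 1):
        if hmac.compare_digest(site.digest(guess), site.stored):
            return guess, tried, site.failed, time.perf_counter() - start
    return None, len(wordlist), site.failed, time.perf_counter() - start

if __name__ == "__main__":
    print(online_guessing(Site(COMMON[-1], slow=False), COMMON))
    for slow in (False, True):
        print(slow, offline_check(Site(COMMON[-1], slow=slow), COMMON))
```

The lockout counter stays at 0 in the offline case because the site never sees the guesses; the slow, salted hash does not rescue a password that is on the list, it only raises the cost of each guess.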
