Cybersecurity 14 Sep 2018

What is a dictionary attack (it doesn’t mean throwing a book at someone)?

Despite sounding like a fight in a library, a 'dictionary attack' is a method of breaking into password-protected systems by guessing the password.

The technique consists of trying, one after another, a long list of candidate passwords until one is accepted: real words taken from dictionaries in different languages, together with the most used passwords such as “123456”. It works because a large share of users choose the same passwords, ones that are easy to remember but, for the same reason, easy for criminals to guess.

Dictionary attacks are carried out with specialised software that does not stop at the words themselves: it also applies "mangling" rules, such as capitalising a word, appending digits or swapping letters for look-alike symbols, and combines words with each other. The guessing can be done online, against the login form itself, or offline, against a stolen file of password hashes; the offline form is far faster, because nothing limits the number of attempts, and a weak password falls within seconds.

To avoid falling victim to this type of attack, use passwords that cannot be built from dictionary words and simple variations of them, which makes the attacker's job far harder. In practice:

1. Combine words from different languages in the same password (*MiHouse*_).
2. Intersperse numbers or special characters within the words (Pa$$w0rd). Bear in mind that the obvious swaps (a→@, o→0, s→$) are so common that cracking tools try them automatically, so this helps only in combination with the other measures.
3. Insert double consonants into some syllables (Passwworrd). As with the previous point, a single change of this kind is easily guessed by a tool that doubles letters as a rule.
4. Take a complete phrase and remove letters from its words (the number of the house where I live is 155: Thnmbrfthhswhrlvs155). This is the strongest of the four: the result is long and appears in no wordlist.
5. Where the service or device allows it, set a maximum number of failed attempts before access is blocked or slowed down (the PIN lockout on a phone, for example). If you operate a service, enforce this on the server side: it is what stops online guessing.
6. Use the two-step authentication that some services provide: after the password, the service sends a one-time code that has to be entered as well, so a guessed password alone is not enough to gain access.
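The following Python script is added here as an illustration and is not code from the original article. It shows how the cracking software described above works and why tips 2 and 3 offer little protection on their own: it takes a small constructed wordlist, applies mangling rules to it (capitalisation, doubled consonants, look-alike substitutions and common suffixes) and checks every candidate against a constructed table of salted SHA-256 hashes standing in for a leaked password database. The usernames, passwords, salts, hash scheme and rule set are all assumptions made for the example; real tools such as John the Ripper and Hashcat do the same with far larger wordlists and rule files. Pa$$w0rd and Passwworrd fall immediately; the phrase-derived password from tip 4 does not.

```python
"""Added example: an offline dictionary attack with simple mangling rules.

Assumes the attacker holds a leaked table of salted SHA-256 hashes (the
constructed sample below). Not code from the original article.
"""
import hashlib
import itertools
import os

# Constructed wordlist: a few words from different languages plus very common
# passwords. Real attacks use lists with millions of entries.
WORDLIST = ["123456", "password", "qwerty", "house", "casa", "maison", "football"]

# Look-alike substitutions that crackers apply automatically, so Pa$$w0rd is
# no safer than password.
LEET = {"a": "@4", "e": "3", "i": "1", "o": "0", "s": "$5"}
VOWELS = set("aeiou")
SUFFIXES = ["", "1", "123", "!", "2018"]   # assumed common suffixes


def case_variants(word):
    """password, Password, PASSWORD."""
    return {word.lower(), word.capitalize(), word.upper()}


def doubled_consonants(word, max_doubles=2):
    """Duplicate up to max_doubles consonants (Password -> Passwworrd)."""
    positions = [i for i, ch in enumerate(word)
                 if ch.isalpha() and ch.lower() not in VOWELS]
    for k in range(max_doubles + 1):
        for subset in itertools.combinations(positions, k):
            yield "".join(ch * 2 if i in subset else ch for i, ch in enumerate(word))


def leet_variants(word):
    """Every combination of LEET substitutions (Password -> Pa$$w0rd, P4ssw0rd, ...)."""
    choices = [[ch] + list(LEET.get(ch.lower(), "")) for ch in word]
    for combo in itertools.product(*choices):
        yield "".join(combo)


def candidates(wordlist):
    """Apply the mangling rules in sequence to every word in the list."""
    for word in wordlist:
        for cased in case_variants(word):
            for doubled in doubled_consonants(cased):
                for leet in leet_variants(doubled):
                    for suffix in SUFFIXES:
                        yield leet + suffix


def hash_password(salt, password):
    """Salted SHA-256, a fast hash. A slow KDF (bcrypt, scrypt, Argon2) makes
    each guess far more expensive but does not save a password that is in the list."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def crack(targets, wordlist):
    """Return {user: password} for every stored hash matched by a candidate."""
    found = {}
    for candidate in candidates(wordlist):
        for user, (salt, digest) in targets.items():
            if user not in found and hash_password(salt, candidate) == digest:
                found[user] = candidate
    return found


def make_targets(passwords):
    """Constructed 'leaked' table: user -> (salt, salted hash)."""
    targets = {}
    for user, password in passwords.items():
        salt = os.urandom(8)
        targets[user] = (salt, hash_password(salt, password))
    return targets


# Constructed sample accounts (assumed names and passwords).
SAMPLE_TARGETS = make_targets({
    "alice": "Pa$$w0rd",               # tip 2: look-alike substitutions
    "bob": "Passwworrd",               # tip 3: doubled consonants
    "carol": "123456",                 # the most common password
    "dave": "Thnmbrfthhswhrlvs155",    # tip 4: not derivable from a wordlist
})

if __name__ == "__main__":
    for user, password in crack(SAMPLE_TARGETS, WORDLIST).items():
        print(f"{user}: {password}")
```

The script tests a few tens of thousands of candidates in well under a second on an ordinary laptop; the only account that survives is the one whose password was built from a whole phrase, because no combination of the rules reproduces it.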

Heeding this advice removes the temptation to use the easy passwords shared by thousands of other people, which are precisely the ones criminals try first. For example, the latest study carried out on this subject found that 3 percent of users globally use the password “123456”, the most common on the planet. It is not surprising, therefore, that 10 percent of users use one of the 25 most common passwords, which include “password”, “password1”, “football”, “loveme”, the keyboard sequence “qwerty” and the more recent “starwars” and “dragon”.

You should bear in mind that cyber-criminals use this method not only to access user services such as email or social networks, but also to breach the security of wifi networks, to take over video-game accounts and to get into the corporate systems of organizations.
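Tip 5 above, the limit on failed attempts, is the control that blunts the online form of the attack just described, where the guesses go through the login of an email account, a wifi router or a corporate portal. The Python sketch below is an added example, not code from the original article, of how a service might enforce it: it stores PBKDF2 hashes, counts consecutive failures per account and refuses logins for a while once the threshold is reached. The threshold, lockout window, account names and passwords are illustrative assumptions.

```python
"""Added example: server-side attempt limiting against an online dictionary
attack. Constructed sample, not code from the original article."""
import hashlib
import hmac
import os
import time

MAX_FAILURES = 5        # assumption: lock after 5 consecutive failures
LOCKOUT_SECONDS = 900   # assumption: 15-minute lockout
PBKDF2_ROUNDS = 100_000


class LoginService:
    def __init__(self, clock=time.monotonic):
        self.clock = clock              # injectable so tests can move time forward
        self.users = {}                 # user -> (salt, pbkdf2 hash)
        self.failures = {}              # user -> (failure count, locked_until)
        self._dummy_salt = os.urandom(16)

    @staticmethod
    def _kdf(salt, password):
        # A slow KDF: every online guess costs the attacker a full login round
        # trip, and an offline guess costs them PBKDF2_ROUNDS hash iterations.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, user, password):
        salt = os.urandom(16)
        self.users[user] = (salt, self._kdf(salt, password))

    def login(self, user, password):
        """Return 'ok', 'denied' or 'locked'."""
        now = self.clock()
        count, locked_until = self.failures.get(user, (0, 0.0))
        if now < locked_until:
            return "locked"             # no password check while locked out
        record = self.users.get(user)
        if record is None:
            # Unknown user: run the KDF anyway so timing does not reveal
            # which usernames exist.
            self._kdf(self._dummy_salt, password)
        else:
            salt, stored = record
            if hmac.compare_digest(self._kdf(salt, password), stored):
                self.failures.pop(user, None)   # success resets the counter
                return "ok"
        count += 1
        if count >= MAX_FAILURES:
            self.failures[user] = (0, now + LOCKOUT_SECONDS)
            return "locked"
        self.failures[user] = (count, 0.0)
        return "denied"


def simulate_attack(service, user, guesses):
    """Constructed online dictionary attack: one login per guess, in order."""
    return [service.login(user, guess) for guess in guesses]


# Constructed guesses drawn from the most common passwords.
COMMON_GUESSES = ["123456", "password", "qwerty", "football", "starwars", "dragon"]

if __name__ == "__main__":
    service = LoginService()
    service.register("alice", "Thnmbrfthhswhrlvs155")     # assumed account
    for guess, outcome in zip(COMMON_GUESSES, simulate_attack(service, "alice", COMMON_GUESSES)):
        print(f"{guess!r:>12}: {outcome}")
```

Note the trade-off: a hard lockout lets an attacker who knows a username lock the legitimate owner out by deliberately failing, so production systems usually combine a lower threshold with progressive delays, CAPTCHAs or per-source throttling. Tip 6 closes the remaining gap: with a second factor, even a password that does get guessed is not enough on its own.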

Every day, users rely on many different password-protected services and devices. The passwords should all be different, because if an attacker obtains one of them through a dictionary attack, the first thing they will do is try it on the other services the same user is likely to have. To avoid the burden of memorising a password for every service and device, use a password manager such as KeePass: it asks for a single master password, which is the only one you have to remember, and that unlocks the passwords for everything else.

Until authentication methods that replace or complement passwords are in widespread use, the way to keep attackers out of user accounts is to create robust passwords, manage them properly and never reuse the same one across services.