Password Penetration testing

  • Letters: English or other languages, in any mixture of lower-case and upper-case letters (a-z, A-Z).
  • Numbers: any combination of the digits 0-9.
  • Special characters: @ ! # $ ? > - and many more.

  • Weak or guessable passwords have a very big impact, up to full system or company takeover.
  • A user's personal data can be fully leaked just by having a weak password.
  • The user can suffer financial losses and mental-health issues following the impact.
  • Password penetration testing can help categorize different users for proper access control.

  • Dictionary attack: a user's account is tried against many passwords from a dictionary file, which is a list of dictionary words.
  • Brute-force attack: the tool tries all possible character combinations to break the password.
  • Hybrid attack: add numbers and symbols to the words in a dictionary file and you have a hybrid attack.
  • Syllable attack: this attack combines the dictionary and brute-force approaches.
  • Rule-based attack: this attack is possible once an attacker has some clues about the pattern the victim uses in password creation, or about the site's password restrictions.

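As an added example (not code from the original post), the following Python checker turns the attack classes above into a defensive password-acceptance test: it rejects dictionary words, including the leetspeak variants a rule-based attack would try, flags dictionary words padded with digits or symbols (the hybrid case), and estimates the brute-force keyspace in bits. The word list, substitution table and thresholds are constructed assumptions for the demonstration; a real deployment would load a breached-password list instead.

```python
"""Password-acceptance check mirroring dictionary, hybrid, rule-based and
brute-force attack classes. Hypothetical example code, not from the post."""
import math
import re
import string

# Constructed mini dictionary (assumption). Replace with a breached-password
# list or a large word list in practice.
DICTIONARY = {"password", "welcome", "summer", "dragon", "letmein", "admin"}

# Common substitutions a rule-based attack applies (assumed table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalize(pw: str) -> str:
    """Lower-case and undo leetspeak so 'P@ssw0rd' compares as 'password'."""
    return pw.lower().translate(LEET)


def dictionary_finding(pw: str):
    """Return a finding string if the password is a dictionary word, either
    as-is (dictionary attack) or with digits/symbols added at the ends
    (hybrid attack); None otherwise."""
    if normalize(pw) in DICTIONARY:
        return "dictionary word (dictionary attack)"
    # Strip leading/trailing digits and symbols, the typical hybrid padding.
    stripped = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw)
    if stripped != pw and normalize(stripped) in DICTIONARY:
        return "dictionary word with digits/symbols added (hybrid attack)"
    return None


def charset_size(pw: str) -> int:
    """Size of the smallest standard character class set covering pw."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)  # 32 ASCII symbols
    return size


def brute_force_bits(pw: str) -> float:
    """Upper bound on brute-force keyspace: len * log2(charset), 0 if empty."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def check_password(pw: str, min_len: int = 12, min_bits: float = 60) -> list:
    """Return a list of findings; an empty list means the password passes.
    min_len and min_bits are assumed policy thresholds."""
    findings = []
    if len(pw) < min_len:
        findings.append(f"shorter than {min_len} characters")
    finding = dictionary_finding(pw)
    if finding:
        findings.append(finding)
    if brute_force_bits(pw) < min_bits:
        findings.append(f"brute-force keyspace below {min_bits} bits")
    return findings


if __name__ == "__main__":
    for candidate in ("password", "P@ssw0rd", "Summer2023!",
                      "correct-horse-battery-staple"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The keyspace estimate is an upper bound on what a pure brute-force attack has to cover; the dictionary and hybrid checks matter because those attacks finish long before that bound is reached.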
Following are some of the measures to follow to keep passwords safe and strong:

  • Have policies for password creation, management and expiration.
  • Use multi-factor authentication (MFA) and automatic account lockout after some idle time.
  • Store and transmit only salted, hashed passwords.
  • Implement proper authorization controls to prevent data leaks.
  • Use on-screen keyboards to defeat keyloggers.
  • Prevent account logins after a certain number of failed attempts, or from unknown locations or times without MFA.
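The storage and lockout measures above, as an added example that is not part of the original post: a small credential store that keeps only a per-user random salt and a PBKDF2-HMAC-SHA256 hash of each password, compares hashes in constant time, and locks the account after a fixed number of failed attempts. The iteration count, lockout threshold and lockout duration are assumed demo values, and the clock is injectable so the expiry can be exercised without waiting.

```python
"""Salted password storage plus failed-attempt lockout.
Hypothetical example code, not from the post."""
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 100_000  # assumed demo value; raise for production
MAX_FAILURES = 5             # assumed lockout threshold
LOCKOUT_SECONDS = 900        # assumed lockout duration (15 minutes)


class CredentialStore:
    def __init__(self, clock=time.time):
        # username -> {"salt", "hash", "failures", "locked_until"}
        self._records = {}
        self._clock = clock  # injectable so tests can advance time

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        """Slow, salted hash: the only form of the password ever stored."""
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   salt, PBKDF2_ITERATIONS)

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)  # per-user random salt defeats precomputed tables
        self._records[username] = {
            "salt": salt,
            "hash": self._derive(password, salt),
            "failures": 0,
            "locked_until": 0.0,
        }

    def is_locked(self, username: str) -> bool:
        rec = self._records.get(username)
        return rec is not None and rec["locked_until"] > self._clock()

    def login(self, username: str, password: str) -> str:
        """Return 'ok', 'locked' or 'denied' without revealing whether the
        username exists."""
        rec = self._records.get(username)
        if rec is None:
            # Burn a derivation anyway so timing does not leak user existence.
            self._derive(password, b"\x00" * 16)
            return "denied"
        if self.is_locked(username):
            return "locked"
        if hmac.compare_digest(self._derive(password, rec["salt"]), rec["hash"]):
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["locked_until"] = self._clock() + LOCKOUT_SECONDS
            rec["failures"] = 0  # counter restarts once the lockout expires
        return "denied"


if __name__ == "__main__":
    store = CredentialStore()
    store.register("alice", "correct-horse-battery-staple")
    print(store.login("alice", "correct-horse-battery-staple"))  # ok
    for _ in range(MAX_FAILURES):
        print(store.login("alice", "wrong-guess"))                # denied
    print(store.login("alice", "correct-horse-battery-staple"))  # locked
```

The lockout counter is reset on success and on expiry; a production service would also record the source address and time of each failure so the "unknown location or time" rule above can be applied and alerts raised.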

Securium Solutions Pvt Ltd