Types of password attacks

Hyderabad: While the digital age makes our lives easier it also brings many challenges particularly in terms of cyberattacks. The most important segment that is susceptible to online attack is passwords. With many different accounts for different utilities having different passwords and remembering them is not an easier task and reusing the same login credentials can make you vulnerable to a password attack.

These kinds of cyberattacks compromise and exploit your personal information by decoding the passwords used to keep people out.

The different types of password attacks according to NortonLifeLock are:

Brute force attack:

A password attack is essentially a guessing game where the hacker tries different password combinations using hacking software until they’re able to crack the code.

Credential stuffing:

This is a brute force attack that uses stolen credentials to break into your online accounts and profiles. Aside from using spyware and other kinds of malware to get the credentials they want, the dark web often has lists of compromised passwords for cybercriminals to use for their devious plans.

Social engineering:

Password hackers create what is known as social engineering websites that they design to seem like legitimate login pages. Cybercriminals send you to a fake login field that won’t give you access to your account. It only records the information you type in, giving the cybercriminal exactly what they want.

Keylogger attack:

This is a spyware used to track and record what you type on your keyboard. Despite being legal to use, depending on the reasoning, hackers take advantage of this software by intentionally infecting vulnerable devices and recording private information without their knowledge.

Password spray attack:

This is when a hacker uses a large number of stolen passwords — sometimes in the millions — sometimes on a small number of online accounts to see if they can gain access.

Phishing:

Password phishing attacks often come in the form of an email or text message where the hacker may pair these messages with a link to a strategically designed social engineering website created to trick you into logging into your profile. These websites will record the credentials you type in, giving the attacker direct access to your actual account.

Man-in-the-middle attack:

A man-in-the-middle attack uses phishing messages to pose as a legitimate businesses to complete the following goals – use malicious attachments to install spyware and record the passwords, embed links to social engineering websites to get people to compromise their own credentials.

Shoulder surfing:

One way that hackers get their hands on passwords is by looking over people’s shoulders in public as they type.

How to prevent password attacks:

• Create a unique password for every online account

• Enable two-factor authentication for online accounts to avoid any suspicious login attempts.

• Avoid clicking on suspicious links or attachments and always look for legitimate pages with https//.

• Install reliable comprehensive antivirus software onto your device can help avoid keylogger attacks.

• Make a routine of changing your passwords every couple of months

• Double check the URLs before logging into accounts

• Enable biometric features like facial recognition to sign into accounts on mobile devices.