Monday, 26 September 2016

Password Hacking Techniques

Web development companies

There are number of methods used by hackers to hack your account or get your personal information like password. Password hacking is very common nowadays. So Web development companies should implement countermeasures of password hacking. The most common password hacking tricks and their countermeasures are as follow:

Brute force attack: 
  • Brute-force attack is used to crack any password. 
  • Brute-force attacks try every possible combination of digits, alphabets and special characters until the correct password is match.
  • Brute-force attacks can take very long time depending upon the complexity of the password. 
  • Countermeasures:
    •  Use long and complex passwords.
    •  Try to use combination of upper and lowercase letters along with numbers.

Social Engineering:
  • It is process of manipulating someone to trust you and get information from him/her. 
  • Let’s take an example. If the hacker was trying to get the password of his co-workers’ computer, he might call them pretending to be from the IT department and simply ask for their login details. 
  • It can be used to hack password, bank credentials or any personal information.
  • Countermeasures:
    • Never ever give your credit card details on phone.
    • If someone tries to get your personal or bank details ask them few questions.

Rats and Key loggers:
  • Key logger is sent to the victim’s computer to crack a password.
  • Now hacker keeps monitoring everything victim does on his computer including password by key loggers.
  • So it is major concern for software development companies.
  • Countermeasures:
    • Never login to your personal user account from someone else or cyber cafe computer.
    • Use latest anti-virus software and keep them updated.

Phishing:
  • This attack is used by hackers to get someone account details like username and password.
  • In this attack, hacker sends fake page of real website like Facebook, Gmail to victim. When someone login through that fake page, his details is sent to the hacker. 
  • Countermeasures:
    • Always make sure that websites URL is correct.
    • For example, you should check whether it is gmail.com or phishing page gmmail.com.

Rainbow Table:
  • Rainbow table is a big pre-computed list of hashes for every possible combination of characters.
  • A password hash is a list of passwords that have gone through a mathematical algorithm and are transformed into something which is not recognizable. 
  • A hash is a nothing but an encryption so when a password is hashed it cannot get back to the original string from the hashed string.
  • Countermeasures:
    • Make sure the password chosen is long and complex. 
    • Creating tables for long and complex password takes a very long time and a lot of resources.

Guessing:
  • This can easily help attacker to get someone’s password within seconds.
  • If hacker knows you, he can use your personal information he knows about you to guess your password. 
  • Countermeasures:
    • Don't use your first name, nickname, mobile number or birthdate as your password. 
    • Create complex and long password with combination of letters and numbers.

Dictionary Attack:
  • A file of words is run against user accounts, and if the password is a simple word, it can be found pretty quickly.
  • Countermeasures:
    • Use long and complex passwords. 
    • Try to use combination of upper and lowercase letters along with numbers.

Conclusion:
This article is for everyone including web development companies in India to protect their personal information like username, password. Countermeasures suggested above should be implemented.

No comments:

Post a Comment