It’s always important to have a password that is difficult for others to guess. It’s also important to make sure that a password has numbers, capital letters, and special characters, which makes it even harder for hackers to access your accounts. A password acts as a locked door, and only people with the right key should be able to get through it. Sometimes, just like with locked doors, someone who wants to get in badly enough will break down the door by sheer force.
In the world of hacking, attacks like those are called “brute force” hacks.
Brute force hacks work by using automated software that enters password after password until a match is found. The software can go after almost every word out there, and almost every combination of letters or numbers too. It draws its guesses from a master word list of common dictionary words, combined with random combinations of numbers. Once it stumbles upon the combination of letters and numbers that you use, that’s it: the “door” is unlocked.
However, there is some good news when it comes to brute force attacks: such software has its limitations. Some programs cannot attack long passwords. Others are unable to add numbers, special characters or spaces to their guesses. Others can’t handle encryption or don’t support all the different network protocols that one may need to get access. Furthermore, brute force attacks are slow, often taking days to crack a single password.
In other words, there’s still a chance that the brute force program a hacker is using will not crack your password if you work hard at making it strong enough. This is also why so many sites ask users to add numbers and symbols to passwords, or to meet a minimum length for a password to be considered valid. Longer passwords and those with numbers are less likely to be on the software’s master list of words. For example, while “dog” might be on the list, “dOg!35#” is unlikely to be one of the software’s guesses.
Site owners can also prevent brute force hacking by delaying access to an account after a certain number of failed tries. This limits how much damage the programs can do per username. You can also prevent brute force attacks by making it difficult for hackers to figure out the proper format of a username, since many brute force programs also guess usernames.
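The delay after a certain number of tries described above can be sketched as follows. This is an added example, not code from the original article; the names LoginThrottle and attempt_login and the thresholds (5 failures, a 30 second first delay, a one hour cap) are assumptions chosen for illustration.

```python
import time

class LoginThrottle:
    """Delays logins for a username after repeated failed tries."""

    def __init__(self, max_failures=5, base_delay=30.0, max_delay=3600.0,
                 clock=time.monotonic):
        self.max_failures = max_failures  # assumed threshold
        self.base_delay = base_delay      # assumed first delay, in seconds
        self.max_delay = max_delay        # assumed cap on the delay
        self.clock = clock                # injectable so tests can control time
        self._state = {}                  # username -> (failures, locked_until)

    def seconds_until_allowed(self, username):
        _, locked_until = self._state.get(username.lower(), (0, 0.0))
        return max(0.0, locked_until - self.clock())

    def record_failure(self, username):
        key = username.lower()
        failures, locked_until = self._state.get(key, (0, 0.0))
        failures += 1
        if failures >= self.max_failures:
            # Double the delay for each failure past the threshold, up to the cap.
            delay = min(self.base_delay * 2 ** (failures - self.max_failures),
                        self.max_delay)
            locked_until = self.clock() + delay
        self._state[key] = (failures, locked_until)

    def record_success(self, username):
        self._state.pop(username.lower(), None)


def attempt_login(throttle, username, password, check_password):
    """Returns 'ok', 'denied' or 'throttled'; check_password is the site's own verifier."""
    if throttle.seconds_until_allowed(username) > 0:
        # Refuse without checking the password, so a correct guess made
        # during the delay is not confirmed to the guessing program.
        return "throttled"
    if check_password(username, password):
        throttle.record_success(username)
        return "ok"
    throttle.record_failure(username)
    return "denied"


if __name__ == "__main__":
    throttle = LoginThrottle(max_failures=3)
    verifier = lambda user, pw: pw == "dOg!35#"   # constructed stand-in verifier
    for guess in ["dog", "cat", "bird", "dOg!35#"]:  # constructed guess list
        print(guess, "->", attempt_login(throttle, "alice", guess, verifier))
```

The counters are kept in memory here; a site running several servers would keep them in a shared store so that every server sees the same failure count.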
Lastly, adding a CAPTCHA task to every login makes brute force attacks take a much, much longer time. CAPTCHAs require users to enter words or numbers that cannot be “seen” by a simple program. This forces the hacker to waste time proving that the user is human, which takes a lot of time when it has to be done over and over again. The longer it takes, the more likely it is that hackers will give up on their endeavor.
While brute force attacks are capable of doing a lot of damage, the right prevention methods will make these attacks harder to carry out to completion. Using a bit of foresight when planning out your website can seriously improve your chances of avoiding the problems that come with having hackers guess the passwords and usernames of your users. So next time, go for something harder to guess rather than using your pet’s name and birthday or street address.