Have you ever had your Facebook account hacked into? If so, you were probably the victim of a Dictionary attack. This article will explain everything you need to know about these kinds of attacks, especially how you can prevent them.
What is a Dictionary Attack?
A Dictionary attack is a type of Brute-Force attack that uses a list of words to guess someone’s password. These attacks work on the premise that most internet users still create passwords that are easy to guess. Easy passwords are passwords that use:
- A user’s name or a variation of it.
- The name of a user’s relative.
- A pet’s name.
- Favorite food/drink.
- Favorite car.
- Birthdays and anniversaries.
- A simple numerical combination.
How Does a Dictionary Attack Work?
An attacker needs two things to perform a successful dictionary attack. The first is the target’s local database. If the attacker succeeds in obtaining it, they get a list of hashed passwords (think of a hash as an encrypted form of the password) that they can then try to crack.
The second is a long list of pre-computed hashes, which an attacker usually already has. The attacker will then run through the whole list until the target’s password is found. This is where the name “Dictionary attack” comes from. The list of pre-hashed passwords acts like a dictionary an attacker can go through. What makes this attack even more potent is that there is a limited number of hash algorithms, so cracking a hash isn’t as difficult as one would think. People also tend to use similar and common passwords. All this does is make it easier for someone to compile a dictionary for future attacks.
How to Protect Yourself from a Dictionary Attack?
There are two ways you can protect yourself from a dictionary attack.
Protect Your Local Database
The first way deals with protecting your local database from being stolen. For this kind of defense, you need a VPN. A VPN will encrypt your data and re-route all of your traffic through a secure server. When your traffic is re-routed, it becomes almost impossible for someone to even monitor your traffic, let alone steal something off your local database. In other words, a VPN will protect you from the possibility of being a victim of a dictionary attack.
I suggest using a VPN known for its security, like ExpressVPN. ExpressVPN offers its users military-grade encryption and the latest VPN protocols. Consider installing your VPN onto your router to ensure that all of your connected devices are protected simultaneously.
Complicate Your Passwords
The second way you can avoid being a target for dictionary attacks is by complicating your password. As I mentioned above, dictionary attacks use a pre-hashed list of common passwords and password variations. If you use a password that isn’t on that list, then you’re safe. Here’s how you can guarantee that your passwords are strong enough to hold up against dictionary attacks and brute-force attacks:
- Use long passwords. Never have a password that has fewer than 8 characters.
- Use a mix of upper case and lower case letters. Add in some symbols to go the extra mile.
- DO NOT use your family name, your name, the name of a relative, or of a pet in your password.
- DO NOT use simple words that one can find in a dictionary.
- Avoid logging in or creating a password for any HTTP website. Always make sure that the website you’re signing in to is a secure HTTPS site.
For now, it’s advised that users have one of these two types of passwords: (1) A mix of random upper case letters, lower case letters, and symbols. (2) Four random unrelated words strung together (as random as Correct Horse Battery Staple).
Be careful with the second option, though. You need to be sure that none of the words are related in any way. It’s also always better to steer clear of common phrases and word combinations, as those usually have a pre-hashed password on the attacker’s list.
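The length, personal-information and dictionary-word rules above can be checked automatically when a password is chosen. The following Python code is an added example, not part of the original article; the function names, the substitution table and the small word list are assumptions constructed for illustration, and a real check would load a much larger list of common passwords.

```python
import re

# Constructed sample list; a real check would load a large common-password list.
COMMON_WORDS = {"password", "dragon", "monkey", "sunshine", "football", "princess"}

# Undo common look-alike substitutions (0->o, 1->l, 3->e, 4->a, 5->s, 7->t, @->a, $->s)
# so that "P@ssw0rd" is compared as "password".
SUBSTITUTIONS = str.maketrans("013457@$", "oleastas")

MIN_LENGTH = 8  # minimum length from the article's first rule


def core_word(password):
    """Lower-case, drop leading/trailing digits and symbols, undo substitutions."""
    trimmed = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())
    return trimmed.translate(SUBSTITUTIONS)


def screen_password(password, personal_terms=()):
    """Return the reasons a password is weak; an empty list means it passed.

    personal_terms holds names, pet names, birthdays and similar values
    supplied by the caller (hypothetical input for this example).
    """
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if password.isdigit():
        reasons.append("digits only")
    lowered = password.lower()
    undone = lowered.translate(SUBSTITUTIONS)
    for term in personal_terms:
        t = term.lower()
        # Skip very short terms so they do not match by accident.
        if len(t) >= 3 and (t in lowered or t in undone):
            reasons.append("contains personal term: " + term)
    if core_word(password) in COMMON_WORDS:
        reasons.append("dictionary word with simple decoration")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("P@ssw0rd123!", "19900412", "correct horse battery staple"):
        print(candidate, "->", screen_password(candidate) or "ok")
```

An empty result only means the password avoided these specific patterns; it is not a measure of how random the password is.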
Check out this website if you want a way to create random, strong, and original passwords.
Dictionary Attacks – Final Thoughts
That is all you really need to know about Dictionary Attacks. Remember, as technology is progressing, so are the tools in an attacker’s arsenal. Your password is the last line of defense you have before someone gains access to your information. Always use strong passwords, and never repeat the same password for different systems.