How Hackers Crack Passwords

Hello there!
From time to time, we at the business desk are pleased to bring you articles
that can help you to deal more effectively and efficiently with the wide
world of technology. If you are struggling to keep up or are a bit lost
when it comes to being able to do things on your own without having to ask
or pay for help then we invite you to read on.
Today we have a great little article for you;
How Hackers Crack Passwords
We hope you find this article useful. Have a great day.
The business desk team
Follow us on Twitter @accessibleworld
+++++++++++++++
How Hackers Crack Passwords
tell them what you’re doing beforehand,
or they might attempt to hide what
they’re typing or where they’re looking for
their password. Just be careful
doing this and respect other people’s
privacy.
Countermeasures
Encourage users to be aware of their
surroundings and not to enter their
passwords when they suspect that
someone is looking over their shoulders.
Instruct users that if they suspect someone
is looking over their shoulders
while they’re logging in, they should
politely ask the person to look away
or, when necessary, hurl an appropriate
epithet to show the offender that
the user is serious.
It’s often easiest to just lean into the
shoulder surfer’s line of sight to
keep them from seeing any typing and/or
the computer screen. 3M Privacy
Filters work great as well.
Inference
Inference is simply guessing passwords
from information you know about users
– such as their date of birth, favorite
television show, or phone numbers.
It sounds silly, but criminals often
determine their victims’ passwords
simply by guessing them!
The best defense against an inference
attack is to educate users about
creating secure passwords that don’t
include information that can be
associated with them. Outside of certain
password complexity filters, it’s
often not easy to enforce this practice
with technical controls. So, you
need a sound security policy and ongoing
security awareness and training to
remind users of the importance of secure
password creation.
Weak authentication
External attackers and malicious insiders
can obtain – or simply avoid
having to use – passwords by taking
advantage of older or unsecured
operating systems that don’t require
passwords to log in. The same goes for
a phone or tablet that isn’t configured to
use passwords.
Bypassing authentication
On older operating systems that prompt
for a password, you can press Esc on
the keyboard to get right in. Okay, it’s hard
to find any Windows 9x systems
these days, but the same goes for any
operating system – old or new – that’s
configured to bypass the login screen.
After you’re in, you can find other
passwords stored in such places as
dialup and VPN connections and screen
savers. Such passwords can be cracked
very easily using Elcomsoft’s Proactive
System Password Recovery tool and
Cain & Abel. These weak systems can
serve as trusted machines – meaning that
people assume they’re secure – and
provide good launching pads for
network-based password attacks as well.
Countermeasures
The only true defense against weak
authentication is to ensure your
operating systems require a password
upon boot. To eliminate this
vulnerability, at least upgrade to Windows
7 or 8 or use the most recent
versions of Linux or one of the various
flavors of UNIX, including Mac OS X.

This entry was posted in Uncategorized. Bookmark the permalink.