The Hacker News recently published an article (see link below) which identified three common password cracking techniques used by hackers.
The article introduction began by stating that "passwords are rarely appreciated until a security breach occurs" and "the importance of a strong password becomes clear only when faced with the consequences of a weak one"!
Which begs the qustion, how vulnerable are the passwords you use to the most common password-cracking methods?
Three Common Password-cracking Methods
Brute force attack
Quote: "Brute force attacks are straightforward yet highly effective techniques for cracking passwords. The advent of affordable computing power and storage has made them even more efficient today, especially when weak passwords are used."
How should you respond?
Choose strong, complex passwords and multi-factor authentication (MFA) to protect against brute force attacks.
Dictionary attack
Quote: "In a password dictionary attack, cyber attackers try to gain access by using a list of common passwords or words from a dictionary. This predetermined word list typically includes the most often used words, phrases, and simple combinations (i.e., "admin123"). These attack types are especially effective against weak or easily guessable passwords."
How should you respond?
Use a combination of letters, numbers, and special characters, and avoid using common words or easily guessable phrases.
Rainbow table attack
Quote: "A rainbow table attack uses a special table (i.e., a "Rainbow Table) made up of precomputed strings or commonly used passwords and corresponding hashes to crack the password hashes in a database."
How should you respond?
Use strong database hashing algorithms (e.g. bcrypt, scrypt) in the password creation process.
This attack relates to your choice of database hashing algorithm and is something you cannot directly influence.
Reason: the database encryprion algorithm used by your Joomla! CMS website will depend upon the range of choice provided by your Hosting Provider.
You could however ask your hosting provider if they support Bcrypt.
Bcrypt is the password hashing algorithm recommended by Akeeba, developer of Akeeba Admin Tools Web Application Firewall.
Overall we found this article both interesting and useful.
Read it for yourelf at the following link.
Read more: Three Password-cracking Techniques and How to Respond
Key takeaway if you got this far
Use strong long complex passwords comprising a combination of letters, numbers, and special characters.
Avoid using common words or easily guessable phrases.
Be proactive when engaging with your website's hosting provider: ask them which password hashing algorithm is used by their database application.
About The Hacker News
"The Hacker News (THN) stands as a top and reliable source for the latest updates in cybersecurity. As an independent outlet, we offer balanced and thorough insights into the cybersecurity sector, trusted by professionals and enthusiasts alike."
Subscribe to The Hacker News newsletter when you visit the following link.
And keep up to speed with the latest security threats affecting your Operating System, Web Browser and Website.
More about WYNCHCO Solutions
Our Mission
Ken Edwards - Company Founder
We help and support managers responsible for Joomla! CMS websites in UK business and third sector organisations which subscribe to WYNCHCO Joomla! CMS Help and Support.
We support organisations in Cheshire, Manchester, Merseyside, and the North West region from our office in Warrington. If you are based in the UK but outside the North West, we can still help.
Our Mission is to put you in control of your website.
We enjoy keeping up-to-date with the latest Joomla! developments, trends and best practices and sharing our expertise with you to help you more effectively manage your Joomla! CMS website.
We work hard to develop and maintain long-lasting customer relationships.
The WYNCHCO Customer Care Code
We aim to deliver excellent support to our customers at all times.
We pride ourselves on building long-standing close-working relationships with our customers.
Key words
- Collaboration.
- Flexibility.
- Shared Purpose.
- Trust.
Our commitment
To provide you with:
- accurate and up-to-date product information,
- helpful solutions to support requests,
- transparent invoicing,
- SSL encryption when you visit our website.
To monitor our services to ensure optimal performance.
To safeguard your personal data.
To resolve your concerns promptly and professionally.
To pay our suppliers promptly and in return ask that our customers do the same.
