The topic of password strength is an important one, especially since passwords are used everywhere these days. When creating a password, it is generally a good idea to make it at least 8 characters and use numbers throughout it. Using symbols will make it even stronger. Let’s go over some reasons why weak passwords are bad and talk about common methods that are used to crack them.
The first and most obvious reason that weak passwords are bad is they are easy to crack. One of the most commonly used methods for cracking weak passwords is called a dictionary attack. This is when someone takes a huge list of words and runs each word against your password to see if it can be revealed. There are many “custom” dictionaries floating around the internet specifically for this purpose. To the attacker, the benefit of a dictionary attack is it’s incredibly fast and will usually reveal most weak passwords with no numbers or symbols. A major drawback of dictionary attacks is they rely on the password being weak and using a word that’s in the list (usually an English word). Therefore, it is important to not use an English word that may be in a dictionary as your password. Many of the custom dictionaries have been modified so they will catch words like “passwd” and other words with numbers attached to the end. Sometimes, patterns of numbers like “123456” are included.
If you use the same password for most everything you use, you’ll want to pay attention to this point. If you’re using a weak password and someone attempts to crack it using a dictionary attack, there’s a relatively good chance that they will succeed. If that’s the case, attackers will try the credentials they just stole from you on other sites as well. It’s fairly common for people to use the same password for multiple services. Now, not only has someone gained your information for one site, but for many sites. By using a weak password in combination with reusing it at other places, you’re effectively compromising many of your accounts.
Let’s take an example of someone using a stronger password with numbers and symbols, but only 4 characters in length. There is another method of cracking passwords that’s called a brute-force attempt. This method will try to guess the password in question using every combination of letters, numbers, and symbols possible. The major drawback to brute-force attacks is that they can take an incredibly long time, and are sometimes impractical due to this reason. Brute-force attacks take considerably more time for each additional character a password has. So you can imagine that a password that’s 4 characters in length wouldn’t take nearly as long to crack as a password that’s 10 characters or more.
As you can see, it’s not just using numbers, symbols, and a mix of capital and lowercase letters that makes a password strong. The password’s length contributes an enormous amount to its strength. Also, keep in mind that sometimes brute-force attacks are combined with dictionary attacks to improve speed and efficiency. Sometimes this is effective, sometimes it’s not. It really all comes down to the password in question.