
PASSWORD ATTACKS

PRESENTED BY:
SEJAL S NAIK
SUDINI N TELI
SIMRAN PADELKAR

WHAT IS IT?

• Maliciously authenticate into password-protected accounts.

• Most common forms of corporate and personal data breach.

• Typically facilitated through the use of software that expedites cracking or guessing passwords.

• A password attack is simply when a hacker tries to steal your password.


TYPES OF PASSWORD ATTACKS

The most common attack methods include:


• Brute forcing: guessing a password by iterating through all possible combinations of the set of allowable characters.

• Dictionary attacks: guessing passwords by iterating through commonly used passwords, such as words found in the dictionary and simple variations on them.

• Password spraying: trying a small number of common passwords against many accounts in hopes of accessing at least one of them.

• Credential stuffing: utilizes breached usernames and passwords to attempt (or “stuff”) a large number of login requests into a different website in hopes that some users have reused the breached usernames and passwords.
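
From the defender's side, the attack types above leave different footprints in failed-login records. The following is an added example, not part of the original slides: it classifies source addresses from constructed login events and shows that a per-account failure threshold catches guessing against one account but not spraying. The event format, thresholds and function names are assumptions.

```python
from collections import defaultdict

# Constructed sample events (not real data): (source_ip, username, success)
SAMPLE_EVENTS = (
    [("203.0.113.5", "target01", False)] * 40                    # one account, many guesses
    + [("198.51.100.7", f"user{i}", False) for i in range(30)]   # many accounts, one guess each
    + [("192.0.2.10", "alice", False), ("192.0.2.10", "alice", True)]  # ordinary typo
)

# Assumed thresholds; tune against your own login baseline.
MAX_FAILS_PER_ACCOUNT = 10      # more than this against one account = guessing
MAX_ACCOUNTS_PER_SOURCE = 10    # more than this many accounts from one source = spread
MAX_TRIES_WHEN_SPREAD = 3       # spraying/stuffing stays at or below this per account


def classify_sources(events):
    """Return {source_ip: label} for sources whose failures match an attack pattern."""
    fails = defaultdict(lambda: defaultdict(int))  # ip -> username -> failed count
    for ip, user, success in events:
        if not success:
            fails[ip][user] += 1

    findings = {}
    for ip, per_user in fails.items():
        accounts = len(per_user)
        worst = max(per_user.values())
        if accounts > MAX_ACCOUNTS_PER_SOURCE and worst <= MAX_TRIES_WHEN_SPREAD:
            # Few tries per account across many accounts. Without the attempted
            # password, the log cannot tell spraying from credential stuffing.
            findings[ip] = "spraying-or-stuffing"
        elif worst > MAX_FAILS_PER_ACCOUNT:
            # Many guesses at a single account: brute force or dictionary attack.
            findings[ip] = "brute-force-or-dictionary"
    return findings


def accounts_over_threshold(events):
    """Accounts whose total failures exceed the per-account threshold."""
    totals = defaultdict(int)
    for _ip, user, success in events:
        if not success:
            totals[user] += 1
    return sorted(u for u, n in totals.items() if n > MAX_FAILS_PER_ACCOUNT)


if __name__ == "__main__":
    print(classify_sources(SAMPLE_EVENTS))
    print(accounts_over_threshold(SAMPLE_EVENTS))
```

Only the heavily guessed account crosses the per-account threshold; the thirty sprayed accounts stay under it, which is why the per-source view is needed as well.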

In 2020, 81% of data breaches were due to compromised credentials.

Because they can contain only a limited set of letters and numbers, passwords are becoming less safe.

Hackers know that many passwords are poorly designed, so password attacks will
remain a method of attack as long as passwords are being used.

HOW TO PREVENT

The best way to fix a password attack is to:

• adopt best practices for password hygiene and management.

• avoid one in the first place, i.e. proactively invest in a common security policy that includes:

  • Multi-factor authentication. Using a physical token (like a YubiKey) or a personal device (like a mobile phone) to authenticate users ensures that passwords are not the sole gate to access.

  • Remote access. Using a smart remote access platform like OneLogin means that individual websites are no longer the source of user trust. Instead, OneLogin ensures that the user's identity is confirmed, then logs them in.

  • Biometrics. Enabling biometric authentication turns your password into only one of several points of trust that a hacker needs to overcome.

Easy-to-hack environments that have a weak security posture are much more appealing to opportunistic cybercriminals.

Boosting password security significantly improves your ability to avoid a data breach.

One should also limit access to privileged accounts and add additional security layers for those accounts.

Educating everyone about password security is also a proven means of prevention.

With security breaches becoming the new norm, each individual can play a key role in maintaining their security posture.

Password best practices include:

• Requiring long, complex passwords that are unique for each website or account
• Implementing multi-factor authentication whenever possible
• Adopting a password manager to simplify password management and to ensure secure storage

On Sunday, January 4th, 2009, a hacker known only as GMZ used a tool he developed to launch a dictionary attack against the account of a Twitter user named Crystal.

The program ran for several hours overnight, automatically trying different English words. When “he checked the results Monday morning at around 11:00 a.m. E.T., he found he was in Crystal’s account.”

GMZ soon realized that Crystal was actually a Twitter staffer with administrative privileges. He was able to compromise several high-profile accounts by resetting their passwords and making them available to fellow hackers.

Some of these included the accounts of President-elect Barack Obama, Britney Spears, CBS News and Fox News.

PASSWORD MANAGEMENT

What is PASSWORD MANAGEMENT?

• set of principles
• best practices to store and manage passwords in an efficient manner
• preventing unauthorized access

HOW TO MANAGE PASSWORDS

• Use strong and unique passwords for all websites and applications
• Reset passwords at regular intervals
• Configure two-factor authentication for all accounts
• Securely share passwords with friends, family, and colleagues
• Store all enterprise passwords in one place and enforce secure password policies within the business environment
• Periodically review the violations and take necessary actions.