Because around 6.5 million passwords are cracked every day, it's important that you understand the threat that hackers pose. Securing your network with a strong password is essential. If you don't understand how hackers can crack passwords and how you can combat them, you're more susceptible to data breaches.
But how does password cracking work, exactly? Read on for a quick but comprehensive guide.
Password Cracking and Storage: The Basics
Password cracking takes place when cybercriminals correctly guess your password and gain access to your devices and networks. They don't do this manually but rather by using professional tools.
As of 2022, no one stores passwords in plain text. This is not secure and you should avoid sites that show your password with plain text. Instead, once you create a password, it should be encrypted and stored within the system.
Encryption means that you can enter a simple word like "thriller" and have it come out looking like 9360404e4f35ac209099b0fce8615971c8e89d2ab06348841d708bc3f20d28e3. This unreadable strong is called "password hash." The user enters their password into the system, the system converts it into the hashed password, and the system then compares that hash to the hash that it has stored in their system.
This means that no one apart from the user knows the password.
What Is Salt?
"Salt" refers to something added to a user password before encryption takes place. Prior to salt's use, there would be many equal password hashes that looked exactly the same. This is because many users on a database may use the same single-word password or common password.
If multiple people have the word "thriller" as their password, there will be many 9360404e4f35ac209099b0fce8615971c8e89d2ab06348841d708bc3f20d28e hash sequences. People also tend to have memory-jogging notes. If one person writes "Michael Jackson song," the hacker can try different titles and crack every password in one go.
Before a system encrypts the word "thriller," it will automatically add a "salt" sequence. One user may get "thrillerwqiQAW" encrypted while another might get a hash for "thrillerritPON." On the user end, both people can enter the password "thriller," but they will have distinct hash codes.
This gives users an extra layer of security. So, how can the password be cracked? There are two core password cracker methods: brute force and dictionary cracking.
In a Brute Force attack, cracking software tries all possible combinations. There are about 70 possible characters for each symbol, so a one-letter password could be cracked in minutes.
This may sound scary, but a 10-character password would have around 2,824,752,490,000,000,000 possible combinations. The average CPU would take literally billions of years to crack this password. A long password can protect your computer in this way.
Dictionary cracking happens when hacking software takes a long list of common passwords and tries each of them. These common passwords will be encrypted and compared to the target hash. If hashes match, the hacker has the password.
If your password is unique and strong, it's unlikely to crack. If it's common, hackers can crack it in a few hours. Make sure to get the biggest password list available so that you can prepare.
Protect Your Digital Data Today
While password cracking is a huge problem, it's one that you can preemptively combat.
Now that you know some of the ways that cybercriminals steal information, it's time to get more information on creating stronger passwords and maintaining security features. Contact us with any remaining questions that you have about password hacking and securing your network.