Types of password attacks and how they work



The typical process followed by a password cracker includes these four steps:

1. Steal passwords by some nefarious means. Those passwords are protected with a hash before they are stored. Hashes are mathematical functions that transform an input of arbitrary length into a fixed-length output.
2. Choose a cracking method, such as a brute-force or dictionary attack, and choose a cracking tool.
3. Prepare password hashes for cracking programs. This is done by providing an input to the hash function to create a hash that can be authenticated.
4. Run the cracking tool.

A password cracker may also be able to identify encrypted passwords. After retrieving the password from the computer's memory, the program may be able to decrypt it. Or, using the same algorithm as the system program, the password cracker creates an encrypted version of the password that matches the original.
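Because a cracker only has to reproduce the stored value with the same algorithm, how the hash is computed decides how costly that is. The following added example (not from the original post) compares an unsalted fast hash with a salted, slow PBKDF2 hash; the sample users, function names and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts; two users picked the same password.
SAMPLE_USERS = {"alice": "12345", "bob": "12345", "carol": "correct horse battery staple"}
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256

def weak_hash(password):
    """Unsalted fast hash: identical passwords give identical stored values."""
    return hashlib.sha256(password.encode()).hexdigest()

def strong_hash(password, salt=None):
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, stored):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = strong_hash(password, salt)
    return hmac.compare_digest(candidate, stored)

def shared_hash_groups(table):
    """Return groups of users whose stored values are identical."""
    groups = {}
    for user, value in table.items():
        groups.setdefault(value, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]

def build_tables():
    """Store the sample passwords both ways: (weak table, strong table)."""
    weak = {u: weak_hash(p) for u, p in SAMPLE_USERS.items()}
    strong = {u: strong_hash(p) for u, p in SAMPLE_USERS.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables()
    print("unsalted, identical values:", shared_hash_groups(weak))
    salted = {u: digest.hex() for u, (salt, digest) in strong.items()}
    print("salted, identical values:", shared_hash_groups(salted))
    salt, digest = strong["alice"]
    print("correct password verifies:", verify("12345", salt, digest))
```

With the unsalted table, one computed hash of a common password matches every account that uses it; with per-user salts and a slow function, each guess has to be recomputed for each account.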


1. Brute force attack

A brute force password attack is essentially a guessing game where the hacker tries various password combinations using the hacking software until they are able to crack the code. These hackers hope that their victims either reuse a password that has already been compromised or use a common phrase such as "12345".

 

2. Credential Stuffing

Credential stuffing is also a type of brute force attack that uses stolen credentials to break into your online accounts and profiles. Cybercriminals use spyware and other types of malware to get what they want, and the dark web often contains lists of compromised passwords for them to use in their devious schemes. Hackers can use these lists to carry out their credential stuffing schemes and exploit your data.

 
3. Social Engineering

Cyber thieves have a variety of skills, one of which is creating trustworthy-looking websites. Password hackers create what are known as social engineering websites that they design to look like legitimate login pages. These cyber criminals send you to a fake login field that will not give you access to your account. It only records the information you type, giving cyber criminals exactly what they want.

 

4. Dictionary Attack

Another sibling of the brute force attack family is the dictionary attack. These cyber attacks play on our habit of using single-word phrases as our passwords. The hacker can use automated password-guessing software to try each word in a dictionary as your password to see if they have any luck.

In more advanced dictionary attacks, hackers develop a list of keywords specific to your life, such as birth dates, sibling or pet names, and past street names.

 

5. Keylogger Attack

A keylogger is spyware that is used to track and record what you type on your keyboard. Although this software is legal to use, hackers take advantage of it by intentionally infecting vulnerable devices and recording private information without the owner's knowledge.

 

6. Data Leak or Password Spray Attack

Password spraying is when a hacker uses a large number of stolen passwords – sometimes in the millions – on a small number of online accounts to see if they can gain access. Hackers use advanced automated password-guessing software that limits the number of attempts made on an account. This keeps them from triggering security alerts and lets them continue trying under the radar.
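Since the guessing software described above keeps its attempts on each account low, a per-account failure counter alone will miss it. The following added example (not from the original post) counts failed logins both per account and per source over a constructed log; the log format, thresholds and names are assumptions, and a real deployment would also bucket events by time window.

```python
from collections import Counter, defaultdict

LOCKOUT_THRESHOLD = 5   # assumed: failures on one account that raise an alert
SPREAD_THRESHOLD = 4    # assumed: distinct accounts failing from one source

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = (
    ["2024-05-01T10:00:%02dZ FAIL user=alice src=198.51.100.7" % i for i in range(6)]
    + ["2024-05-01T10:05:%02dZ FAIL user=%s src=203.0.113.5" % (i, u)
       for i, u in enumerate(["bob", "carol", "dave", "erin"])]
    + ["2024-05-01T10:09:00Z FAIL user=bob src=192.0.2.10",
       "2024-05-01T10:09:20Z OK user=bob src=192.0.2.10"]
)

def parse(line):
    """Split one line into (timestamp, outcome, user, source)."""
    ts, outcome, user_kv, src_kv = line.split()
    return ts, outcome, user_kv.split("=", 1)[1], src_kv.split("=", 1)[1]

def analyze(lines):
    """Return (accounts with many failures, sources failing across many accounts)."""
    per_account = Counter()
    accounts_by_source = defaultdict(set)
    for line in lines:
        _, outcome, user, src = parse(line)
        if outcome != "FAIL":
            continue
        per_account[user] += 1
        accounts_by_source[src].add(user)
    # Repeated guessing against one account trips the per-account counter.
    hammered = sorted(u for u, n in per_account.items() if n >= LOCKOUT_THRESHOLD)
    # One failure each on many accounts stays below it, so count per source too.
    spread = sorted(s for s, users in accounts_by_source.items()
                    if len(users) >= SPREAD_THRESHOLD)
    return hammered, spread

if __name__ == "__main__":
    hammered, spread = analyze(SAMPLE_LOG)
    print("accounts over the per-account threshold:", hammered)
    print("sources failing across many accounts:", spread)
```

The single mistyped login from 192.0.2.10 trips neither rule, while the source that failed once on each of four accounts is caught only by the per-source count.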

 

7. Phishing

Password phishing attacks often come in the form of emails or text messages that divert your attention to an urgent matter. The hacker may combine these messages with a link to a strategically built social engineering website designed to trick you into logging in to your profile. These websites will record the credentials you type in, giving an attacker direct access to your real account.

 

8. Man-in-the-middle attack

A man-in-the-middle attack uses phishing messages to pose as a legitimate business in order to accomplish the following goals:

  • Use malicious attachments to install spyware and record passwords
  • Embed links to social engineering websites to trick people into compromising their credentials

 

9. Traffic Interception

Traffic interception is also a type of man-in-the-middle attack. This is when password crackers eavesdrop on network activity to capture passwords and other types of sensitive information. There are several ways cyber criminals do this, one of which is to monitor unsecured Wi-Fi connections. But they can also use a tactic called SSL hijacking – when a cyber criminal intercepts the connection between a target and the legitimate site they are on and records any information shared between the two.

 

10. Shoulder surfing

Being aware of your physical surroundings is just as important as spotting suspicious activity online. One way hackers get passwords is by looking over people's shoulders in public as they type. People often focus on entering their password only to find that a nosy neighbor is watching them.
