Password attacks are personalized attacks on a certain device. There are two types of password attacks: lost password attacks and guessed password attacks.
Types of Password Attacks
Lost Password Attacks
This is when the attacker has physical access to the device and can perform various methods of extracting passwords. For example, they could hook the phone up to a computer and run John the Ripper or similar software that attempts to brute-force the device’s password.
This type of attack is rare, especially with mobile devices because it requires an attacker to physically have possession of the device.
Guessed Password Attacks
These are far more common, especially with mobile devices. They are performed remotely by intercepting network communications or by retrieving files from the device itself. For example, an attacker may retrieve a file containing saved passwords and use those as a starting point for their attack.
Password Types
There are many different types of passwords. In general, passwords fall into one of three categories: numeric, alphabetic, and biometric. Each has its strengths and weaknesses:
Numeric Passwords
Numeric passwords are great for convenience and speed but terrible for security. This is because numeric passwords only have 10 characters (0-9) that can be used for creating a password, making it extremely easy to brute-force with even modest computing power.
Moreover, numeric passwords are also generally case insensitive, meaning that ‘12345678’ and ‘12345678’ are identical in terms of password strength. That means an attacker only needs to try 10^10 or 10 billion possible combinations to guess your password! The solution here is simple – create long numeric passwords (containing uppercase and lowercase letters), or use biometric authentication instead.
Alphabetic Passwords
These are the most common type of passwords. They are generally much more secure than numeric passwords but are still vulnerable to brute-forcing with modern hardware (10^15 possible combinations). This can be overcome by creating long alphabetic passwords.
Biometric Passwords
These are the strongest type of passwords as they use a physical characteristic of the user to authenticate them. A fingerprint or retina scan is a good example of a biometric password. However, if someone has physical access to your device they can easily steal your biometric data and use it to authenticate themselves, so it is vital that biometric data cannot be easily copied and that you do not also store passwords in a file on the device itself.
Techniques for creating strong passwords
Strong passwords are critical for any account that stores sensitive information, including financial accounts and social networking accounts. Here are some steps you can take to create a strong password:
- Create long passwords containing multiple types of characters (upper case, lower case, numbers, and symbols)
- Use different passwords for each account
- Ensure that you don’t reuse the same password for multiple accounts (creating strong passwords is tedious, so people often end up reusing them)
- As an additional security measure, use a password generator.
In summary, passwords are a critical part of the security of any electronic device. With care, you can create strong passwords that will prevent attackers from accessing your accounts and sensitive information.