What is Dictionary Hacking & How Do I Defend Against It?

What is Dictionary Hacking & How Do I Defend Against It?

There are a number of tools that hackers use to breach accounts, hack into routers, and gain access to cloud resources. One of the most popular tools for hacking logins is called Dictionary Hacking.

This is where a hacker will try a “dictionary” full of different login credentials until they hit upon one that works. Of course, doing this manually would take an inconveniently long time, so instead they use software programs that automate the process.

Approximately 80% of all hacking-related data breaches involve stolen or compromised login credentials.

Understanding how dictionary attacks work is a first step in safeguarding your business network against them. In this article, we’ll go through all the basics, plus explain how you can defend your network from dictionary hacking.

How Dictionary Attacks Work

In a dictionary attack, a hacker is literally using a cracking dictionary that can contain tens of thousands or millions of common passwords and passphrases. These can be everything from the easy ones (password123) to passwords related to sports team names or pop culture.

These cracking dictionaries can also contain real username and password combinations that were stolen in a data breach. Credential theft has become a number one activity for hackers.

According to Verizon’s Data Breach Investigations Report, the main form of malware now used in data breaches are password dumpers.

An automated dictionary attack can try multiple combinations of passwords, changing one letter here or there, and run through them at record pace.

Now, you might wonder, “How can a hacker try so many passwords when if I enter my password wrong three times in a row, I get locked out of an account?”.

The trick is going offline to do the cracking.

Going Offline

One of the keys to successful dictionary hacking is to allow the software to try multiple passwords while it’s offline. Thus, the hacker is not drawing any attention from a network administrator or monitoring system. It also solves the issue with password attempt limits that automatically lock accounts, which were designed to stop this type of password hack.

What the hacker does is download certain cryptographic keys from a site that allows them to run the software cracking activities offline. Then once a workable password is found, they can go online and gain access to the account.

Tactics to Prevent Dictionary Hacking

There are a number of safeguards you can put in place to prevent dictionary hacking and the compromise of your cloud services accounts, company Wi-Fi, website, and email accounts.

Use Multi-Factor Authentication (MFA)

Using MFA can block a majority of account compromises including those using dictionary hacking. What it does is add one more step in the sign-in process that requires a code be entered. That code is sent to a pre-registered device (usually a smartphone) at each login attempt.

The code is unique for each login and is time sensitive. Usually the user has about 5-10 minutes to enter it to gain access.

A hacker can’t get past MFA unless they have the users’ physical device that receives the login code. In most cases they would not have access to this. So, even if a hacker manages to crack the password, they’re blocked from gaining account access by MFA.

Upgrade to a Wi-Fi 6 Router with WPA 3

One of the big security updates in Wi-Fi 6 routers is the new WPA 3 security protocol designed to increase network security significantly. It includes a protection against dictionary hacking that makes it more difficult.

The security mechanism in WPA3 uses a unique user password for each connection. So, every time the network is connected to, the password changes. This means that if a hacker goes offline to crack the network password, when they went back online to try to use it, the password would have changed.

This makes it very difficult for a hacker to gain access to a router through dictionary hacking, thus it increases network security by reducing the risk of a “man in the middle” attack, where a hacker gains access to a network in order to spy on user activities.

Use of Captchas

Dictionary hacking attempts can also be used on website administrative logins, for example on a WordPress site. A way to stop an automated attack is to implement a form Captcha, which requires some type of human interaction with the form to go through the Captcha element before access is granted.

Captchas can also be helpful for keeping out automated spam form submissions through your site.

Improve Your Network Security by Upgrading to Wi-Fi 6

Is your router upgraded to the newest security protocol? Neuron Computers can help your San Fernando Valley area business with an upgrade to Wi-Fi 6 with the WPA 3 security protections.

Contact us today to schedule a free consultation. Call 1-833-4-NEURON or reach us online.