Dictionary Attack

Dictionary attack is a way of breaking into a password protected computer system, network or other information technology (IT) resource by entering every word in a the traditional dictionary as a password in a very methodical manner.

Dictionary attack is a cyberattack to reveal passwords by using every possible combination of passwords in a predefined collection of passwords. And it is a kind of brute-force attack that cybercriminals technically attempt every word in a dictionary as a form of password for a given system to gain unauthorized access. Moreover, cyber attackers use common and easily identifiable words and phrases from the dictionary to crack passwords in a short period of time, instead of spanning the whole dictionary. The Dictionary attacks occur when a file of common words is run against user accounts of a system. This is greatly assisted by the inclination of people to usually employ simple and easy-to-remember password combinations. Therefore, using complex and strong password goes a long way in preventing dictionary attacks in enterprise systems and applications.

Dictionary attack is no more performed by manual endeavors rather it is done by automated tools that are capable of trying every possible words in the standard dictionary. Some of the most popular tools that cybercriminals use to exploit and crack passwords of information systems through dictionary attacks include the following:

• Aircrack-ng
• John the Ripper
• L0phtCrack
• Rainbow Crack
• THC Hydra
• Ophcrack
• Hashcat
• Ncrack
• DaveGrohl
• AirCrack
• Cain and Abel
• Password Cracker
• More

The best methods to prevent dictionary attacks include the following:

• Use strong and complex passwords
• Use CAPTCHA
• Lock accounts after some login attempts
• Change passwords regularly
• Don’t’ use the same password for different accounts
• Disable root or administrative accounts when possible
• Use multifactor authentication (MFA)
• Use a Virtual Private Network (VPN)
• Avoid using pubic Wi-Fi networks