A dictionary attack is a kind of cyberattack in which the hacker runs an automated tool against a list of words, in the hope that one of them is the correct password. The “dictionary” refers to this list of words, arranged much like the entries in a dictionary. Because the tool tries only the listed words rather than every possible combination, as a brute-force attack would, guessing becomes much easier.
Sources for the content of the dictionary
- Frequently used passwords: Attackers often keep a list of commonly used passwords and can also source them from dark web databases.
- Easy-to-guess words and their variations: Hackers can track commonly used words and from there map out a list of words the user is likely to use, which becomes the dictionary.
- Information from phishing: Through social media tracking, hackers may spend time observing the victim and gathering enough information to launch an attack. This information usually includes pet names, addresses, kids' names and locations the victim visits frequently.
How to prevent dictionary attacks
- Download a password manager to generate secure and unique passwords as well as store them securely.
- Avoid the use of plain or predictable words. Ensure your passwords are a series of random characters mixed in with numbers, using both upper and lower case. Do not make generic additions of numbers at the end; those are easy to guess.
- Don’t repeat passwords, to reduce the likelihood of your accounts all suffering because of one successful attack.
- Update your passwords frequently. If hackers can make out one of your passwords, they will keep trying it until you change it.
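
One way a sign-up or password-change form can enforce the advice above about predictable words, number suffixes and personal details. This is an added example, not part of the original article; the word list, substitution table and function names are constructed for illustration.

```python
import re

# Constructed sample blocklist (assumption): a real deployment would load a
# large list of frequently used passwords instead of these six words.
COMMON_WORDS = {"password", "welcome", "dragon", "sunshine", "letmein", "qwerty"}

# Character substitutions people commonly apply to dictionary words.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Digits and symbols stuck on the front or the end of a word.
EDGE = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def candidates(password):
    """Reduce a password to the base words it may have been built from."""
    lowered = password.lower()
    return {
        EDGE.sub("", lowered).translate(LEET),   # strip affixes, then undo swaps
        EDGE.sub("", lowered.translate(LEET)),   # undo swaps, then strip affixes
    }


def check_password(password, personal_terms=()):
    """Return the reasons a password is guessable; an empty list means it passed."""
    reasons = []
    forms = candidates(password)
    if forms & COMMON_WORDS:
        reasons.append("dictionary word with a predictable variation")
    # personal_terms: pet names, kids' names, street names the user has on file.
    personal = {t.lower() for t in personal_terms if t}
    if any(term in form for term in personal for form in forms):
        reasons.append("contains personal information")
    has_mix = (any(c.isupper() for c in password)
               and any(c.islower() for c in password)
               and any(c.isdigit() for c in password))
    if not has_mix:
        reasons.append("missing upper case, lower case or a number")
    return reasons


if __name__ == "__main__":
    for sample in ("Dragon2024!", "P@ssw0rd123", "tV9qLm2xRw7c"):  # constructed
        print(sample, "->", check_password(sample) or "ok")
```

Mixed case and a number suffix do not save `Dragon2024!`: once the affix is stripped, the base word is still on the list.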