• Methods used by attackers to crack or recover passwords

Types of password attacks

1. Brute Force
2. Dictionary
3. Password Spraying
4. Hybrid

Brute Force Attack

• Tries every possible character combination until the correct password is found out
• Effective for simple passwords but time-consuming for complex ones
• Mitigation
  • Increasing password complexity and length
  • Limiting login attempts
  • Using multi-factor authentication
  • Employing CAPTCHAS

Dictionary Attack

• Uses a list of commonly used passwords (a dictionary) to crack passwords
• May include variations with numbers and symbols
• Effective against common, easy-to-guess passwords
• Mitigation
  • Increase password complexity and length, limit login attempts, use multifactor authentication, and employ CAPTCHAS

Password Spraying

• A form of brute force attack that tries a few common passwords against many usernames or accounts
• Effective because it avoids account lockouts and targets weak passwords
• Mitigation
  • Use unique passwords and implement multi-factor authentication

Hybrid Attack