Attacking and Protecting Passwords: A Comprehensive Overview

Attacking and Protecting Password
Name of the Student
Name of the University
Author’s Note:
Table of Contents
Introduction................................................................................................................................2
Discussion..................................................................................................................................2
Definition of Passwords.........................................................................................................2
Types of Password Attacks....................................................................................................3
Countermeasures or Prevention of Passwords with Cracking Attacks..................................4
Authentication Methods Used for Preserving Passwords......................................................5
Conclusion..................................................................................................................................6
References..................................................................................................................................7
Introduction
Passwords can be defined as strings of characters that are used to verify the identity of a specific user during the process of authentication (Li et al., 2013). There are various types of password security attacks in today's cyber world, and users are extremely vulnerable to them (Chen, Kuo & Wuu, 2014). The most popular password attacks are brute force, reverse brute force, dictionary attacks, keylogger attacks, social engineering attacks, offline cracking of passwords, resetting of passwords and many more.
The following term paper outlines a brief discussion on attacking and protecting passwords. The various types of password attacks are defined here with proper descriptions. Moreover, the countermeasures for all these password attacks are also given in this term paper, and the prevention of cracking attacks on passwords is described. The final part of the paper discusses the authentication methods used for preserving these passwords.
Discussion
Definition of Passwords
A password can be defined as a string of characters that is used for the authentication of a user on a computer system. Most passwords consist of several characters that include numbers, letters, symbols and special characters (Li, 2013). Passwords usually do not contain any spaces. A password is generally a unique combination of numbers and letters and never contains actual words. When a user logs into an account, whether social media or a bank account, he or she provides a username and password. Usernames are usually public information, whereas passwords are absolutely private to each user.
Types of Password Attacks
There are various types of password attacks. They are as follows:
i) Brute-Force Attacks: A brute-force attack can be defined as the trial-and-error method used for obtaining data such as passwords or PINs (Jiang et al., 2015).
ii) Reverse Brute-Force Attacks: In a reverse brute-force attack, a single password is tested against several encrypted files or usernames.
iii) Dictionary Attacks: Dictionary attacks are brute-force attacks used for determining the decryption key by simply trying hundreds of candidate possibilities.
iv) Key Logger Attack: Keylogger attacks occur when a user enters a specific query on his system (Franchi, Poggi & Tomaiuolo, 2015) and the hacker records or monitors this activity.
v) Social Engineering Attack: Social engineering attacks occur in a few steps: the perpetrator investigates background information, then moves to obtain trust, and finally provides the stimulus for various actions.
vi) Offline Cracking of Password: Offline password cracking can be defined as the procedure of recovering passwords from data that is stored on, or transmitted by, a computer system.
vii) Resetting of Password: Passwords are reset when someone has used a password for a long period of time or has forgotten it (Dua et al., 2013). The entire password is changed with proper security measures. However, while the password is being reset, attacks by spammers or hackers can occur.
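The first two attack types above look different in an authentication log: a brute-force attack produces many failures against one account from one source, while a reverse brute-force attack produces a few failures against many accounts from the same source, and a success that follows a long run of failures means a guess worked. The following Python script is an added example, not part of the original paper, that runs those three checks over a constructed set of log lines; the log format, the field names and the thresholds are assumptions.

```python
"""Flag brute-force and reverse brute-force patterns in an authentication log.

Added example: the log format below is constructed for illustration and the
thresholds are assumptions, not values from the paper.
"""
import re
from collections import defaultdict

# Constructed sample log: alice is brute-forced from one source (and the sixth
# attempt succeeds); 198.51.100.7 tries one guess each against many users
# (reverse brute force); frank is an ordinary user who mistyped once.
SAMPLE_LOG = """\
2024-01-01T10:00:01Z auth FAIL user=alice src=203.0.113.5
2024-01-01T10:00:02Z auth FAIL user=alice src=203.0.113.5
2024-01-01T10:00:03Z auth FAIL user=alice src=203.0.113.5
2024-01-01T10:00:04Z auth FAIL user=alice src=203.0.113.5
2024-01-01T10:00:05Z auth FAIL user=alice src=203.0.113.5
2024-01-01T10:00:06Z auth OK   user=alice src=203.0.113.5
2024-01-01T10:01:00Z auth FAIL user=bob   src=198.51.100.7
2024-01-01T10:01:01Z auth FAIL user=carol src=198.51.100.7
2024-01-01T10:01:02Z auth FAIL user=dave  src=198.51.100.7
2024-01-01T10:01:03Z auth FAIL user=erin  src=198.51.100.7
2024-01-01T10:02:00Z auth FAIL user=frank src=192.0.2.9
2024-01-01T10:02:30Z auth OK   user=frank src=192.0.2.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL)\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)$"
)


def parse_log(text):
    """Return a list of {ts, result, user, src} dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            events.append(match.groupdict())
    return events


def detect(events, fail_threshold=5, spray_threshold=4):
    """Apply three detections to the event stream.

    brute_force:            >= fail_threshold failures for one (user, src) pair
    password_spray:         one src failing against >= spray_threshold distinct users
    success_after_failures: a login that succeeded after its (user, src) pair had
                            already reached fail_threshold, i.e. a guess worked
    """
    fails = defaultdict(int)
    users_per_src = defaultdict(set)
    success_after_failures = []
    for e in events:
        key = (e["user"], e["src"])
        if e["result"] == "FAIL":
            fails[key] += 1
            users_per_src[e["src"]].add(e["user"])
        elif fails[key] >= fail_threshold:
            success_after_failures.append(key)
    return {
        "brute_force": sorted(k for k, n in fails.items() if n >= fail_threshold),
        "password_spray": sorted(
            src for src, users in users_per_src.items() if len(users) >= spray_threshold
        ),
        "success_after_failures": success_after_failures,
    }


if __name__ == "__main__":
    for name, hits in detect(parse_log(SAMPLE_LOG)).items():
        print(f"{name}: {hits}")
```

Running the script flags alice's account for brute force (and the success that followed), and 198.51.100.7 for spraying one guess across four accounts; frank's single failure stays below both thresholds. In practice the thresholds would be tuned per window of time, which the constructed log is too small to need.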
Countermeasures or Prevention of Passwords with Cracking Attacks
i) Brute Force Attack: The simplest method to block or prevent a brute-force attack is to lock out the account after a specific number of wrong passwords has been attempted.
ii) Reverse Brute-Force Attacks: Reverse brute-force attacks can be prevented by obfuscating the encoded data, making it extremely tough for an attacker to identify when the code has been cracked, or by making the attacker do extra work to test every guess (Silver et al., 2014).
iii) Dictionary Attack: The most effective countermeasure against dictionary attacks is a delayed response. A somewhat delayed response from the server prevents a hacker or spammer from checking many passwords in a short span of time, and hence the dictionary attack is prevented.
iv) Key Logger Attack: Keylogger attacks can be eradicated with the help of password encryption. Kernel-level programs can also remove these types of attacks (Lee, Liu & Hwang, 2013). These programs keep the password safe from keylogger attacks.
v) Social Engineering Attack: The most efficient countermeasure for social engineering is employee awareness training. The countermeasures mainly include training the employees, verifying the information contained in electronic mails, and defining the value of information types such as usernames, network addresses, dial-in numbers, passwords and many more.
vi) Offline Cracking of Password: The countermeasure for offline cracking of passwords has two stages: the password design stage and the stage after the password has been generated. Within the password design stage, users should be well educated regarding the importance of passwords and trained in how a password should be generated (Garman, Paterson & Van der Merwe, 2015). After the user is educated, he or she can generate the password, and for this purpose reactive password checking is required. Password encryption is yet another countermeasure.
vii) Resetting of Password: The best prevention method or countermeasure for resetting of passwords is password encryption. This method keeps the password in an encrypted format so that it is not easily cracked by any other user. When the password is reset, it is automatically authenticated and protected from any type of attack.
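Countermeasures i and iii above are usually implemented together at the login endpoint: a counter of consecutive failures per account, a lockout once it reaches a limit, and a server-side delay that grows with each failure so that many guesses cannot be checked in a short time. The Python class below is an added example, not the paper's or any product's code; the limits and delays are assumed values, and the clock and sleep functions are injectable so the scenario in `demo()` runs without real waiting.

```python
"""Login gate combining account lockout (countermeasure i) with a delayed
server response that grows with each failure (countermeasure iii).

Added example with assumed parameters; the clock and sleep functions are
injectable so the scenario in demo() runs without real waiting.
"""
import time


class LoginGate:
    def __init__(self, verify, max_failures=5, lockout_seconds=900,
                 base_delay=0.5, clock=time.monotonic, sleep=time.sleep):
        self._verify = verify          # callable(username, password) -> bool
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.base_delay = base_delay
        self._clock = clock
        self._sleep = sleep
        self._failures = {}            # username -> consecutive failed attempts
        self._locked_until = {}        # username -> clock value when lock expires

    def attempt(self, username, password):
        """Return 'ok', 'fail' or 'locked'. A locked account rejects even the
        correct password until the lockout expires."""
        now = self._clock()
        if now < self._locked_until.get(username, 0):
            return "locked"
        failures = self._failures.get(username, 0)
        if failures:
            # Delay doubles with each consecutive failure (0.5 s, 1 s, 2 s, ...),
            # so checking many guesses in a short time becomes impractical.
            self._sleep(self.base_delay * 2 ** (failures - 1))
        if self._verify(username, password):
            self._failures.pop(username, None)
            return "ok"
        failures += 1
        if failures >= self.max_failures:
            self._locked_until[username] = now + self.lockout_seconds
            self._failures.pop(username, None)   # fresh counter after the lockout
            return "locked"
        self._failures[username] = failures
        return "fail"


def demo():
    """Constructed scenario: three guesses lock 'alice' for 60 s, the correct
    password is refused while locked, and accepted once the lock expires."""
    clock = [0.0]
    delays = []                         # seconds the gate asked to sleep
    gate = LoginGate(lambda user, pw: pw == "correct-horse-battery",
                     max_failures=3, lockout_seconds=60,
                     clock=lambda: clock[0], sleep=delays.append)
    results = [gate.attempt("alice", pw)
               for pw in ("guess1", "guess2", "guess3", "correct-horse-battery")]
    clock[0] += 61
    results.append(gate.attempt("alice", "correct-horse-battery"))
    return results, delays


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner would check before deploying this: the lockout is keyed on the username, so anyone who knows a username can keep that account locked, which is why the per-account lockout is normally paired with per-source throttling like the delay shown here; and the delay is applied before the password is verified, so a correct and an incorrect guess take the same time for a given failure count.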
Authentication Methods Used for Preserving Passwords
There are some important and significant authentication methods that are used for preserving passwords. They are as follows:
i) Authentication by Operating System: This is the first and foremost method of authentication for preserving passwords (Khan, 2013). Oracle permits the use of information maintained by the operating system for authenticating users. When authentication is done by the OS, users can connect to the server without even specifying usernames and passwords.
ii) Authentication by Network: The second type of authentication method is authentication by the network. This is done by third-party services or by the SSL protocol. The Secure Sockets Layer protocol is an application layer protocol and hence can be utilized for user authentication to the database (Silver et al., 2014). Regarding third-party services, the most popular examples are PKI (Public Key Infrastructure) and Kerberos.
iii) Authentication by Database: Databases can authenticate users attempting to connect to the database by utilizing information that is stored within the database. To use database authentication, the user should create an account with an associated password; after successfully providing the username and password, a connection is established (Dua et al., 2013). User passwords are stored within a data dictionary in encrypted format.
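Database authentication as described above depends on two things the paper mentions without showing: the password check applied when the account is created (the "reactive password checking" of countermeasure vi) and the protected form in which the password is then stored. The Python module below is an added example, not the paper's or Oracle's mechanism: the blocklist and policy values are constructed for illustration, and the stored form is a salted, slow PBKDF2-HMAC-SHA256 hash rather than the encrypted data-dictionary entry the paper refers to, since a one-way hash is what a practitioner would use for stored passwords today.

```python
"""Storing passwords as salted, slow hashes and checking a new password before
it is accepted (reactive password checking).

Added example, not the paper's or Oracle's mechanism: the blocklist and policy
values are constructed for illustration.
"""
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000          # PBKDF2-HMAC-SHA256 work factor (assumed value)
# Constructed blocklist standing in for a list of common or leaked passwords.
BLOCKLIST = {"password", "123456", "qwerty", "letmein", "welcome1"}


def check_new_password(password, username, min_length=12):
    """Return the reasons a proposed password is rejected (empty list = accepted)."""
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    if password.lower() in BLOCKLIST:
        problems.append("in blocklist")
    if username.lower() in password.lower():
        problems.append("contains username")
    return problems


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Produce a self-describing record: algorithm$iterations$salt$hash (base64)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    algorithm, iterations, salt_b64, digest_b64 = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(digest, expected)


def create_account(username, password, store):
    """Apply the check, then store only the hash; returns the rejection reasons."""
    problems = check_new_password(password, username)
    if not problems:
        store[username] = hash_password(password)
    return problems


def login(username, password, store):
    """True only if the account exists and the password matches its record."""
    record = store.get(username)
    return record is not None and verify_password(password, record)


if __name__ == "__main__":
    accounts = {}
    print(create_account("alice", "password", accounts))
    print(create_account("alice", "correct horse battery staple", accounts))
    print(accounts["alice"][:40] + "...")
    print(login("alice", "correct horse battery staple", accounts))
```

Because each record carries its own random salt, two users with the same password get different stored values, which is what makes the offline cracking of countermeasure vi expensive per account instead of once for the whole table; the iteration count is stored alongside so it can be raised later without invalidating existing records.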
Conclusion
Therefore, from the above discussion, it can be concluded that passwords are the most basic security mechanism: secret passphrases created from alphabetic, alphanumeric, symbolic or numeric characters, or a combination of any two. These passwords are used in conjunction with usernames so that users can gain access to devices. However, in spite of their several advantages, passwords can be hacked by attackers with wrong motives. The above term paper has outlined a brief discussion on passwords and the various types of password attacks. Relevant details are provided regarding the types of password attacks, and several countermeasures for all these password attacks are also provided, including the prevention of cracking attacks on passwords. The prevention method used against brute-force cracking and the prevention method used against keylogger attacks are well defined in this term paper. The authentication methods utilized for preserving passwords are also given here.
References
Chen, B. L., Kuo, W. C., & Wuu, L. C. (2014). Robust smart‐card‐based remote user
password authentication scheme. International Journal of Communication
Systems, 27(2), 377-389.
Dua, G., Gautam, N., Sharma, D., & Arora, A. (2013). Replay attack prevention in Kerberos
authentication protocol using triple password. arXiv preprint arXiv:1304.3550.
Franchi, E., Poggi, A., & Tomaiuolo, M. (2015). Information and password attacks on social
networks: An argument for cryptography. Journal of Information Technology
Research (JITR), 8(1), 25-42.
Garman, C., Paterson, K. G., & Van der Merwe, T. (2015, August). Attacks Only Get Better:
Password Recovery Attacks Against RC4 in TLS. In USENIX Security
Symposium (pp. 113-128).
Jiang, Q., Ma, J., Li, G., & Li, X. (2015). Improvement of robust smart‐card‐based password
authentication scheme. International Journal of Communication Systems, 28(2), 383-
393.
Khan, A. A. (2013). Preventing phishing attacks using one time password and user machine
identification. arXiv preprint arXiv:1305.2704.
Lee, C. C., Liu, C. H., & Hwang, M. S. (2013). Guessing Attacks on Strong-Password
Authentication Protocol. IJ Network Security, 15(1), 64-67.
Li, C. T. (2013). A new password authentication and user anonymity scheme based on elliptic
curve cryptography and smart card. IET Information Security, 7(1), 3-10.
Li, X., Niu, J., Khan, M. K., & Liao, J. (2013). An enhanced smart card based remote user
password authentication scheme. Journal of Network and Computer
Applications, 36(5), 1365-1371.
Silver, D., Jana, S., Boneh, D., Chen, E. Y., & Jackson, C. (2014, August). Password
Managers: Attacks and Defenses. In USENIX Security Symposium (pp. 449-464).