Q

How effective are password hack tools?

Richard Brain, our resident application and platform security expert, explains why strengthening a password is so important.

Richard Brain

How effective are current password hack tools, and what can be done to enable secure user authentication and defend against them?

Password hack tools have continually improved in the past few years. In late 2008, for example, a Russian firm used parallel Nvidia Graphics cards to dramatically reduce the time needed to crack WPA Wi-Fi passwords.

The cracking process also becomes even faster if extensive rainbow tables are used. These tables contain pre-calculated password hash lookups, which can break the encryption used to protect the passwords, and therefore provide a shortcut for those trying to hack them. Thanks to these recent improvements, it is now trivial to crack a password based on a dictionary word or a dictionary word combined with a number.

The best defence against password hack tools is to create a strong password consisting of multiple words, numbers and characters of mixed case. It is also common to find the Leet alphabet (Internet slang, similar to the spellings and abbreviations used in telephone text messages) or password generators, being used to create strong passwords.

This was last published in June 2009

Related Q&A from Richard Brain

Dynamic code analysis vs. static analysis source code testing

Managing vulnerabilities involves a wide array of security testing, including both dynamic and static source code analysis. Learn how the two differ,... Continue Reading

Pwn2Own results: The most secure Internet browser for enterprises

Which browsers are secure enough for enterprise use, and which should be avoided at all costs? In this expert response, Richard Brain examines the ... Continue Reading

Google cloud applications: Secure enough for the enterprise?

Google cloud applications aren't necessarily known for their security. In this expert response, learn what to watch out for when considering using ... Continue Reading

Read more on Identity and access management products

All
News
In Depth
Blog Posts
Opinion
Videos

Latest News

Download Computer Weekly

In The Current Issue:
- Interview: John Seglias, chief digital information officer, Defra
- Interview: Matthew Gould, chief executive of NHSX, on transforming health service technology
- Choose tools to prevent communication overload
Download Current Issue

Latest Blog Posts

Setting out the target for diversity – WITsend
Latest UK fintech investment figures reflect the evolution of the sector – Fintech makes the world go around
View All Blogs

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

Facebook's Libra project -- why enterprises should prepare

Facebook's foray into cryptocurrency is setting off alarm bells in government and finance circles. The question is how could the ...
Ransomware attacks: How to get the upper hand

Ransomware attacks are on the rise. Can organizations play like Radiohead and refuse to pay? The answer from security experts is ...
Amid pivot to the cloud, a change management plan builds support

A comprehensive change management plan was critical to the success of SoulCycle's big shift to the cloud. Read how IT coached ...

SearchSecurity

Cisco engineer: Why we need more women in cybersecurity

Progress on the cybersecurity gender gap has been slow but steadier recently. Cisco engineer Michele Guel explains how to hack ...
Experts: Facebook fine by FTC should be wake-up call for all

Facebook will reportedly be hit with a $5 billion fine by the FTC following an investigation into multiple privacy issues, and ...
Cybersecurity skills shortage prompts new hiring approach

Hiring managers are widening the pool of candidates in response to the cybersecurity skills shortage. Learn how a parks and ...

SearchNetworking

Why streaming telemetry tops SNMP in tracking network performance

SNMP isn't going away anytime soon, but streaming telemetry is a much more effective way to generate critical alerts and measure ...
The 5 network security basics you need to know

In this compilation, learn what network security is, as well as how it differs from cybersecurity, common -- and potentially ...
BGP tutorial: How the routing protocol works

Border Gateway Protocol is the complex routing protocol that literally makes the internet work. This tutorial walks you through ...

SearchDataCenter

IBM mainframes face competitive pressures inside and out

IBM's mainframe business continues to be under pressure from cloud-based competitors, and perhaps even its own Power server. ...
Linux features beyond server management

Due to its open source nature, Linux is constantly gaining new capabilities. Here's a look at some common use cases and features.
Use ASHRAE guidelines to get server temperature right

The main factors that affect server efficiency are inlet air temperature, humidity and contaminants. Follow these ASHRAE ...

SearchDataManagement

Snowflake product VP expounds on data warehouse for the cloud

In this Q&A, Christian Kleinerman, vice president of product development at cloud data warehouse vendor Snowflake, talks about ...
RavenDB Cloud automates database management

RavenDB's managed cloud database service, RavenDB Cloud, intends to automate security processes, reduce overhead and cater to ...
Big data containers gain wider appeal in system deployments

This handbook examines the use of Docker containers in Kubernetes clusters to run big data systems and offers insight on ...

Close