Q

How effective are password hack tools?

Richard Brain, our resident application and platform security expert, explains why strengthening a password is so important.

Richard Brain
Published: 12 Jun 2009

How effective are current password hack tools, and what can be done to enable secure user authentication and defend against them?

Password hack tools have continually improved in the past few years. In late 2008, for example, a Russian firm used parallel Nvidia Graphics cards to dramatically reduce the time needed to crack WPA Wi-Fi passwords.

The cracking process also becomes even faster if extensive rainbow tables are used. These tables contain pre-calculated password hash lookups, which can break the encryption used to protect the passwords, and therefore provide a shortcut for those trying to hack them. Thanks to these recent improvements, it is now trivial to crack a password based on a dictionary word or a dictionary word combined with a number.

The best defence against password hack tools is to create a strong password consisting of multiple words, numbers and characters of mixed case. It is also common to find the Leet alphabet (Internet slang, similar to the spellings and abbreviations used in telephone text messages) or password generators, being used to create strong passwords.

Related Q&A from Richard Brain

Dynamic code analysis vs. static analysis source code testing

Managing vulnerabilities involves a wide array of security testing, including both dynamic and static source code analysis. Learn how the two differ,... Continue Reading

Pwn2Own results: The most secure Internet browser for enterprises

Which browsers are secure enough for enterprise use, and which should be avoided at all costs? In this expert response, Richard Brain examines the ... Continue Reading

Google cloud applications: Secure enough for the enterprise?

Google cloud applications aren't necessarily known for their security. In this expert response, learn what to watch out for when considering using ... Continue Reading

Read more on Identity and access management products

All
News
In Depth
Blog Posts
Opinion
Videos

Latest News

Download Computer Weekly

In The Current Issue:
- Cisco pays $8.6m after whistleblower discloses security flaws in video surveillance system
- AI storage: Machine learning, deep learning and storage needs
- Use Windows 7 end of life to update desktop productivity
Download Current Issue

Latest Blog Posts

How C3M is easing multi-cloud management – Eyes on APAC
IBM floats another cloud strategy – Cliff Saran's Enterprise blog
View All Blogs

Start the conversation

Send me notifications when other members comment.

-ADS BY GOOGLE

SearchCIO

RPA journey: Schneider Electric's global plan taps Blue Prism, UiPath

Schneider Electric, a multinational energy management company, has embarked on a robotic process automation journey, establishing...
Blurring the lines between RPA platforms and APIs

RPA is quickly making itself known in the automation market, but the real game changer is utilizing the technology in an API-rich...
Preparing for a 5G deployment: 5 things CIOs need to do now

Experts discuss the five moves CIOs should be making right now to ensure they are prepared to take hold of 5G as it becomes more ...

SearchSecurity

DevOps security checklist requires proper integration

There are a lot of moving parts to adding security into a DevOps environment. Using application testing DevOps security tools are...
How to identify and evaluate cybersecurity frameworks

Not all frameworks for cybersecurity are equal. ESG's Jon Oltsik explains what attributes make a cybersecurity framework and how ...
Microsoft discovers BlueKeep-like flaws in Remote Desktop Services

Microsoft disclosed four remote code execution flaws in Remote Desktop Services that are similar to BlueKeep, as well as other ...

SearchNetworking

Compare the leading SD-WAN vendors before you buy

This SD-WAN vendor comparison chart is a useful starting point to get information about SD-WAN deployment options, pricing, cloud...
Cisco faces sales slump amid Chinese tariffs, falling SP revenues

Cisco forecast weak revenue growth in the current quarter, as service provider sales fell and product orders were flat. The ...
The top AIOps use cases in network performance management tools

AIOps use cases in network performance management include automating certain network functions, including traffic analysis. But ...

SearchDataCenter

How to get out of a bad colocation contract

Renegotiation, legal action and cancellation are all options if your colocation service agreement isn't up to par. But each ...
5 steps to include on your software update checklist

Training, testing and automation are all essential components to software updates. Implementing these concepts makes version ...
Cray exascale computer to modernize aging nuclear weapon stockpile

The U.S. is buying an exascale system from Cray Inc., its third from the company which is now being acquired by HPE. The $600 ...

SearchDataManagement

AWS Lake Formation goes GA, as cloud data lake market grows

First released in late 2018, AWS Lake Formation is now generally available and it could be the force that helps to accelerate ...
Apollo data graph brings managed federation to enterprises

The new Apollo update is intended to enable organizations to federate multiple enterprise data sets more easily and use APIs to ...
Data management roles: Data architect vs. data engineer, others

Veteran data professional Michael Bowers differentiates between key data management positions, including their salaries and which...

Close