The term Password cracker is used to address someone who breaks the codes of the system and takes access illegally from the system. Breaking codes and cracking systems becomes easy when the passwords created are weak and easy. Hence passwords should be a combination of alphabets, special characters, and numerals.

We should further read and understand the techniques used by hackers for cracking passwords. Understanding these techniques will help in making passwords strong and unique.

PASSWORD CRACKING TECHNIQUES

It is a process of securing passwords from the associated password hash, which is saved in the system.

There are three commonly used techniques for cracking passwords:

1. Brute Force attack
2. Dictionary attack
3. Rainbow table attack
4. Online Cracking password (Thc Hydra and Temper Data).
5. To crack wifi Password

Brute Force Attack

It is a type of cryptanalytic attack that could be used to decrypt and encrypt data. This attack is entirely dependent on the domain and system of the input of words/alphabets/characters used for creating the password and the length of it. In this technique, a computer could attempt one million passwords per second when trying to brute force a password. The time consumed to crack the password depends on the length of the password. Hence the longer the password, the harder to crack.

Dictionary attack

Many passwords are in the English word hence a hacker tries to break into the system by putting every single word from the dictionary as a password. It is done by automated tools that try all the possible words in the dictionary.

Also, it should be taken into consideration that, users are habitual in using the same password on multiple sites, knowing this a hacker often tries to break into a site by guessing the most common passwords being used. Usually, they try to use permutations that vary from case to case and by adding numeric as suffixes to the word. We should not ignore that, a hacker is always on the hunt and keeps trying to take over access to anyone’s system illegally, hence they have a large sample size of the most common passwords being used.

It should also be remembered that a list of passwords comes into the picture when the database of hashed passwords is leaked.  Once the attacker has had the keys password can make out the encryption and algorithm of the password and make a rainbow table.

Rainbow Table Attack

Rainbow tables are much bigger and use a different reduction function in each column. There are colors used to represent the reduction functions, while using colors it appears a rainbow color, and therefore it is termed a Rainbow table attack.

The functions of this table attack are: It is a pre-computed technique dictionary table containing text passwords along with their hash keys being encrypted while storing the password/data. In this technique, the hacker tries to crack the password by using a rainbow hash table using the database stored in the system. A rainbow table is a hash key/function used in cryptography for storing passwords in data. It generates a key for the rainbow table and encrypts the password before storing it. It works by doing cryptanalysis very quickly and effectively; hence the password should be created in such a way that it should be hard enough to crack.

To crack Online password

To crack online passwords there are two tools commonly used THC Hydra and Tamper Data: Tamper data enables one to capture and see the HTTP and HTTPS GET and POST information. In essence, Tamper Data is a web Proxy built right into our browse. It consumes the information from the domain/browser en route to the server and tempers it, hence it tampers data.

Whereas THC Hydra is also known as Kali tools. When we open THC Hydra we are greeted with the screen of syntax at the bottom of the page. This system of cracking passwords is simple and likely the same as other password-cracking tools. This tool makes it possible for hackers to show how easy it would be to gain illegal access to the system. It is very commonly known that Hydra is the fastest network logon. Below are the protocols supported by THC Hydra which is used to attack the accounts, unlike other hacker tools:

Hydra supports the following protocols:

1. Firebird, CVS, FTP, CISCO AAA;
2. HTTP-FORM-GET(/POST/HEAD), HTTPS-POST, HTTP-Proxy, ICQ IMAP, IRC, LDAP, MS-SQL, MySQL, NCP, NNTP, Oracle, PCNFS, POP3, POSTGRES, RDP, REXEC, RLOGIN, RSH, SAP/R3, SIP, SMB, SMTP ENUM, Ftps and others

To crack the Wi-Fi Password

Before knowing how to crack wifi password one should know there are how many types of wifi security there are.

The wifi securities are such as

1. WEP Security
2. WPA security or WPA2 Security

Below are the techniques for cracking wifi passwords one by one:

1. WEP Security: Firstly WEP stands for Wired Equivalent Security. This security is the easiest to crack its password. It can be easily cracked by Aircrack software. By Using this Software one can easily crack the password within 07 to 09 hours.
2. WPA security or WPA2 Security: This security can be cracked in two methods: 1. Dictionary attack or Word List attack 2. Fluxion Attack.
3. Dictionary/Word Attack: this is nothing but another name for brute force and dictionary attack. One can try all the words of the dictionary in the form of a password until cracked.
4. Fluxion Attack: In this technique the Wi-Fi connection is cut off and a new page is open. One should remember the Wi-Fi owner should be nearby. When a new page is open for a Wi-Fi connection Wi-Fi owner is asked to enter the correct password on entering the correct password we also receive his password simultaneously.

HOW TO PREVENT PASSWORD CRACKING

By reading and understanding the techniques of cracking passwords it has become clear that the password created should be strong and it should contain Upper case, Lower case, special character, numerical, and length of not less than 08 characters. There are three simple ways to prevent passwords from cracking:

The default password should be changed: Most of the hardware and software come along – with the default password to set up an account. It is to be noted that, hackers mostly use a password from the list of default passwords and try to hack from it. Hence to be changed immediately. Similarly, if we forget the password we might receive a temporary password to unlock the account. One should change the password immediately.

Pick up an uncommon password: Make such a password that a Brute Force or Dictionary attack could not crack it. Also one should not use their name, birth date, birthplace, ID card Numbers, or any such thing connected directly to their lifestyle as a hacker might be able to crack the password if he/she is following your social media page.

To safeguard brute force attacks to any of your dedicated servers such as VPS or cloud server, one can install intrusion detection and prevention software known as LFD(Login Failure Daemon) or Fail2Ban or any other similar software which could stop the unknown or strangers from taking the illegal access of accounts

Use different passwords for all accounts: One should not use the same password for all account, as such, if the hacker gains access to your password he/she can use the password for all your accounts and it will be difficult to change passwords of multiple accounts in fraction of seconds and it may cause one with huge loss, whereas if one uses differed password for all accounts, the password for one account could be changed immediately when know about the hacking and can safeguard the other accounts.

Two-Device Authentication: Secure your account by enabling two-device authentication: Two-device authentication requires you to verify your sign-in with a text message email or phone call. This makes the hacker very difficult to gain access to any account illegally. One should enable this for every account which allows it to do so, to make your account more secure. Make sure to secure and enable the social media account too in a similar way. Most of the time Hackers start hacking with social media accounts to get more personal information to misuse it.

Do not use the same password question for multiple accounts.

Do not store critical passwords on the cloud.

Clear out cache to remove the stored password or information: The web Browser might be storing the password and if someone gains access to the browser one can log in to the account by viewing the history. Hence one should regularly clear the cache from smartphone and web browsers as well.

HOW A PASSWORD SHOULD BE MADE IN A UNIQUE FORMAT

To create a hard-to-crack password one should remember to create it in such a way that, it is easy to remember, and it should be unique.

To make a Unique password 

One should remember that simple Plain text can be hacked very easily. Therefore create the password in such a way that it tells a story, such as adding the name of websites along with the smiley or using symbols of smile and special characters. Make sure that, the length of the password is big.  Once you make a good password you might be tempted to keep the same for all accounts but remember it leaves you more vulnerable if the password is cracked by any hacker.

Therefore in a simple way remember the below keys while creating a new password every time:

The length of the password should be between Eight to Sixteen characters;

It should contain Symbols;

It should Contain Numbers;

It should contain Lowercase characters;

It should contain Upper-case characters;

Do not repeat the same characters.

While creating a password one can also create a passphrase instead of a password: It has been noticed that Passphrases are more secure than passwords as they are very lengthy which makes it difficult to guess or brute force, hence if the account allows creating long passwords prefer to create a passphrase.

Lastly, remember never to share a password. Never text or email anyone your password, it is really important to keep the password private.