Password Cracking refers to the various methods hackers use to learn exactly what password you use to protect one of your computer accounts. This can be accomplished by recovering passwords from data stored in, or transported from, a computer system, website, or dark web repository. Password cracking can be done by repeatedly guessing an account password (brute force approach), by using a password dictionary which iterates on the most common passwords people use (Hint: 12345678 and Password123), and even with rainbow tables.
Password cracking is nearly always performed for malicious purposes, allowing a hacker to gain unauthorized access to your account to inflict damage or harm against you or your organization.
What should SMB’s do to Protect Against Password Cracking?
The best defense against Password cracking is strong password hygiene across your business. The only effective way to accomplish this is to adopt and train your employees on how to use a Password Manager. Please see CyberHoot’s password manager article for the many benefits as well as the risks that accompany the use of a password manager.
Beyond a password manager, make sure to adopt NIST 2017 password recommendations of a 14+ character non-complex and rarely expiring (annual resets) password in your Active Directory domain and your O365/GSuite Email accounts. This has been shown, after 10’s of thousands of compromises studied, to balance human memory and cybersecurity best practices for the best results.
Lastly, educate your users on why passwords matter through a robust cyber-education program. CyberHoot can help with all of these things… visit our Training pages to learn more for free. Please subscribe if you’d like to automate your compliance and ensure that every last employee has successfully completed their training!