Password Sniffing is a hacking technique that uses a special software application that allows a hacker to steal usernames and passwords simply by observing and passively recording network traffic. This often happens on public WiFi networks where it is relatively easy to spy on weak or unencrypted traffic.
And yet, password sniffers aren’t always used for malicious intent. They are often used by IT professionals as a tool to identify weak applications that may be passing critical information unencrypted over the Local Area Network (LAN). IT practitioners know that users download and install risky software at times in their environment, running a passive password sniffer on the network of a business to identify leaky applications is one legitimate use of a password sniffer.
As you can imagine, in the hands of an unscrupulous administrator this can could lead to serious problems. Generally, such activities should be sanctioned by a senior leader in the company and the use of this software should be governed by more than one individual to prevent the abuse of any findings.
Source: Techopedia, SSH
Additional Reading: Protecting against the Next Great Heist by Encrypting Data in Transit
Related Terms: Packet Sniffing, Wireshark
