Brute Force Logins and Password Reset Questions

Popularity: 9
Simplicity: 3
Impact: 10
Risk Rating: 7

The brute-force or dictionary attack is one of the simplest tools an attacker has in his or her toolbox: low-tech yet effective. It relies on a list of usernames and passwords that are simply tried, at random or against chosen targets, until a valid username/password combination is guessed. What are the odds of someone guessing a username and a password? Believe it or not, they are pretty good if the site is not properly configured, and user behavior usually works to the attacker's advantage. All users must have a decent password; if they fail to comply or you fail to enforce compliance, you will be affected.

Password reset questions were created as a way of lowering the workload on support centers or help desks because users tend to forget their passwords. Everyone has probably been asked at least once to select a secret question and type the answer for it when signing up for free services. Classic questions include:

• Mother's maiden name

• Last four digits of your driver's license

The main problem with these questions is that they are also subject to dictionary attacks, and an attacker who obtains enough personal information simply knows the answers.
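A defensive counterpart to the attacks described above, as an added example (not code from the original text): a sliding-window throttle that counts failed password guesses and failed reset-answer guesses against the same per-account and per-source limits. The class and function names, the limit of 5 failures per 300 seconds, and the sample addresses in the usage are assumptions made for illustration.

```python
import time


class AttemptThrottle:
    """Sliding-window cap on failed guesses, per account and per source address."""

    def __init__(self, max_failures=5, window=300.0):
        self.max_failures = max_failures   # assumed policy value
        self.window = window               # seconds; assumed policy value
        self._failures = {}                # key -> list of failure timestamps

    def _recent(self, key, now):
        # Drop timestamps older than the window, return how many remain.
        kept = [t for t in self._failures.get(key, []) if now - t <= self.window]
        if kept:
            self._failures[key] = kept
        else:
            self._failures.pop(key, None)
        return len(kept)

    def allowed(self, account, source, now=None):
        now = time.time() if now is None else now
        return (self._recent(("acct", account), now) < self.max_failures
                and self._recent(("src", source), now) < self.max_failures)

    def record_failure(self, account, source, now=None):
        now = time.time() if now is None else now
        for key in (("acct", account), ("src", source)):
            self._failures.setdefault(key, []).append(now)

    def record_success(self, account):
        # Clear only the account counter; clearing the source counter would let
        # a guesser reset it by logging in to an account they already own.
        self._failures.pop(("acct", account), None)


def guarded_attempt(throttle, account, source, verify, now=None):
    """Call verify() (a password OR reset-answer check) only while under the cap.

    Both kinds of check share one counter, so a guesser cannot get a fresh
    allowance by switching from the login form to the reset question.
    """
    if not throttle.allowed(account, source, now):
        return "throttled"   # verify() is never reached, even for a right guess
    if verify():
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account, source, now)
    return "denied"
```

A per-account cap also lets anyone temporarily lock a known username out, so the window should be short enough that legitimate users recover without a help-desk call.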
