
6 Types of Password Attacks commonly used by Ethical Hackers


Password attacks, when performed by ethical hackers, verify the probability of being hacked. In other words, the technique secures your accounts by ensuring that they cannot be hacked by cybercriminals.

Changing your password is indeed the best way to ensure the security of your accounts. However, taking necessary precautions to mitigate password theft is also an important step to secure your account. Assuming that your password cannot be hacked is exactly what cybercriminals want you to think.

Check if you have an account that has been compromised in a data breach –

How to create a strong password?

Securing the password to an individual account using traditional methods is easier than securing an organization’s accounts. However, cybercriminals often target business accounts for monetary and non-monetary reasons, and they apply advanced techniques to compromise them. This is where ethical hackers come in: they test the probability of a compromise by performing various methods of password hacking, which reduces the probability of being hacked.



| Types of Password Attacks | Sub-divisions of Password Attacks | Process of Password Attacks |
|---|---|---|
| 1. Non-electronic Attacks | Shoulder surfing; social engineering; dumpster diving | A non-technical attack that can be performed even without sound technical knowledge. |
| 2. Active Online Attack | Password guessing | Attackers create possible passwords by collecting information from social media accounts and other online sources. Criminals also use the default passwords provided by manufacturers to crack accounts. |
| | Brute forcing attack | Attackers make multiple attempts with possible combinations until they crack the account. |
| | Dictionary attack | Attackers load dictionary files of passwords and run them against user accounts. |
| | Rule-based attack | The attack is performed only after receiving information about the password. |
| | Trojans / Keylogger / Spyware | Any of these kinds of malware is run in the background to track passwords. |
| | Hash injection attack | The attacker injects a compromised hash into a local session and uses it to retrieve the domain admin account hash. The extracted hash is then used to log on to the domain controller. |
| 3. Passive Online Attack | Man-in-the-middle | The attacker gains access to the communication channel to extract confidential information. |
| | Wire-sniffing | Packet sniffer tools on the local area network are used to access and track the network traffic. |
| | Replay attack | Packets and authentication tokens captured using a sniffer are used to extract relevant information, and are then placed back on the network to gain access. |
| 4. Offline Attack | Rainbow table | Captured password hashes are compared to precomputed tables to recover passwords. |
| | Distributed network attack | The technique recovers passwords from hashes by using the excess processing power of machines to decrypt passwords. |
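
From the defender's side, the brute-forcing and dictionary rows above show up in authentication logs as a burst of failures against one account. The following is an added example, not part of the original article: the log lines are constructed (OpenSSH-style messages with a simplified timestamp), and the function name, threshold and window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches OpenSSH-style password results: "<timestamp> <host> sshd[pid]: ..."
LINE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_guessing(log_text, threshold=5, window=timedelta(minutes=1)):
    """Flag (ip, user) pairs with >= threshold failures inside `window`."""
    failures, alerts = defaultdict(list), {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        key = (m["ip"], m["user"])
        if m["result"] == "Failed":
            # Sliding window: keep only failures still inside the window.
            failures[key] = [t for t in failures[key] if ts - t <= window] + [ts]
            if len(failures[key]) >= threshold and key not in alerts:
                alerts[key] = {"ip": m["ip"], "user": m["user"],
                               "first_alert": ts, "compromised": False}
        elif key in alerts:
            # A success after a flagged burst means the guess may have worked.
            alerts[key]["compromised"] = True
    return list(alerts.values())

# Constructed sample: alice is hit with rapid guesses that end in a login;
# bob mistypes once and then logs in normally. Addresses are documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01 web01 sshd[811]: Failed password for alice from 203.0.113.7 port 40100 ssh2
2024-05-01T10:00:03 web01 sshd[811]: Failed password for alice from 203.0.113.7 port 40102 ssh2
2024-05-01T10:00:05 web01 sshd[811]: Failed password for alice from 203.0.113.7 port 40104 ssh2
2024-05-01T10:00:07 web01 sshd[811]: Failed password for alice from 203.0.113.7 port 40106 ssh2
2024-05-01T10:00:09 web01 sshd[811]: Failed password for alice from 203.0.113.7 port 40108 ssh2
2024-05-01T10:00:11 web01 sshd[811]: Failed password for alice from 203.0.113.7 port 40110 ssh2
2024-05-01T10:00:15 web01 sshd[811]: Accepted password for alice from 203.0.113.7 port 40112 ssh2
2024-05-01T10:02:10 web01 sshd[902]: Failed password for bob from 198.51.100.20 port 51000 ssh2
2024-05-01T10:02:40 web01 sshd[902]: Accepted password for bob from 198.51.100.20 port 51002 ssh2
"""
```

Calling `detect_guessing(SAMPLE_LOG)` returns one alert, for alice from 203.0.113.7, with `compromised` set because a successful login follows the burst.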

Ethical hackers need to be aware of all these and various other password attacks that are commonly used by cybercriminals. The work requires stepping into the attackers’ shoes, thinking the way they do, and making every possible attempt to infiltrate business accounts. Moreover, if ethical hackers can compromise your password, then remember that cybercriminals can easily compromise it too.

Learn and acquire ethical hacking skills

Certified Ethical Hacker (CEH) is a recognized ethical hacking program and a must-have credential for information security professionals who want to learn ethical hacking from its fundamentals. The CEH trains you on the latest hacking tools and techniques used by information security professionals to secure and defend organizations from future attacks.


What are the most common types of cyberattacks?
Besides epidemics, natural disasters, and nuclear weapons, there is one other thing sending tremors through the economically powerful continents of the world: a ‘cyberattack.’ The most common cyberattacks are phishing, ransomware, SQL injections, and more.
Learn them all: 15 Types of cyberattacks that businesses face

How to know that the password can be hacked?

According to Troy Hunt, in collaboration with the U.K.-based National Cyber Security Centre (NCSC), the password ‘123456’ was used 23 million times in data breaches. Users often create passwords that are closely related to them or, at the simplest, are a series of numbers.

Find out if your password is among the world’s most common passwords: Is your password predictable?
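
A password screen for the two habits described above (passwords related to the user, and simple series of numbers) can be run at account creation. This is an added example, not code from the original article: the common-password set is a small constructed sample, and the function names and reason labels are assumptions.

```python
import re

# Constructed sample; in practice load a breach-derived list of common passwords.
COMMON = {"123456", "password", "qwerty", "111111", "iloveyou"}
# Undo simple character substitutions before matching (0->o, 1->i, 3->e, ...).
LEET = str.maketrans("0134578@$", "oieastbas")

def is_run(s, min_len=4):
    """True if s is a single ascending, descending or repeated-character run."""
    if len(s) < min_len:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1}, {0})

def context_tokens(user_context):
    """Split name, e-mail, birth date etc. into lowercase tokens of 3+ chars."""
    tokens = set()
    for item in user_context:
        parts = re.split(r"[^a-z0-9]+", item.lower())
        tokens.update(p for p in parts if len(p) >= 3)
    return tokens

def screen_password(candidate, user_context=()):
    """Return the reasons a candidate is predictable; an empty list passes."""
    lowered = candidate.lower()
    variants = {lowered, lowered.translate(LEET)}
    reasons = []
    if variants & COMMON:
        reasons.append("common")
    if is_run(lowered):
        reasons.append("sequence")
    # Personal details are matched against both the raw and de-substituted form.
    for token in sorted(context_tokens(user_context)):
        if any(token in v for v in variants):
            reasons.append(f"personal:{token}")
    return reasons
```

For example, `screen_password("J0hn1990!", ["John Smith", "1990-04-12"])` reports both the name and the birth year, even though the name is written with a digit substitution.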

What are the skills of an ethical hacker?

To protect businesses, organizations prefer investing in trained ethical hackers. These professionals are trained to use methodologies and technologies similar to those used by a criminal hacker. 6 Skills that every ethical hacker must have – Identify loopholes, knowledge of penetration testing, and more
