Module 3: Lesson 2 Authentication and Password Attacks

Teaching and Learning

Created on October 2, 2025

Transcript

Authentication and Password Attacks


Keeper Security. (2024, September 24). How To Prevent Password-Based Attacks [Video]. https://www.youtube.com/watch?v=gu4bOs7prrI


Databases in Password Guessing Attacks

  • What is a database?
“any collection of data, or information, that is specifically organized for rapid search and retrieval by a computer” (Britannica.com)
  • Dictionary Attack – software programs which automate the process of rapidly testing many potential passwords for a given account.
This attack uses a database (aka dictionary) of words that people are likely to use in their passwords, including names of movies, teams, celebrities, and words from foreign languages, AND spellings with numbers or special characters substituted for letters.
  • Hybrid Attack = Dictionary + Brute Force
Attack assumes most passwords can be found in cracking dictionaries and depends on fast, high-volume guessing.


  • Password Spraying – testing a weak password against a large number of accounts. For example, a malicious actor who has the usernames of all 10,000 employees at First Bank can automate trying the password “password123” on all the accounts, then try again with another password from a database of commonly used passwords.
  • Advantage – it avoids lockouts that are invoked after 2-3 incorrect password attempts.

ReSource Pro Compliance. (2021, April 13). CYBERMinute - What is Password Spraying? [Video]. https://youtu.be/HgGCzPZwq8s


Password spraying is the inverse of a Brute Force attack.

  • Dictionary brute force tries to access one account by trying lots of different passwords.
  • Password spraying uses one password and tries it on lots of different accounts.
Attack assumes a percentage of people use common passwords and depends on fast login attempts to numerous accounts.
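
As an added example (not part of the original lesson), the sketch below takes the defender's view of this contrast: per-account lockout catches brute force but never fires during spraying, so detection counts distinct accounts per source instead. The event format, thresholds, function names and sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

LOCKOUT_THRESHOLD = 3    # per-account lockout; the lesson cites 2-3 attempts
MIN_SPRAY_ACCOUNTS = 5   # assumed alert threshold: distinct accounts per source


def build_sample():
    """Constructed failed-login events for one time window: (source, username)."""
    events = []
    # Source A: many failures against a single account (dictionary brute force).
    events += [("198.51.100.7", "alice")] * 8
    # Source B: two rounds of one failure per account across ten accounts (spraying).
    users = [f"user{i:02d}" for i in range(10)]
    events += [("203.0.113.9", u) for u in users] * 2
    # Source C: a legitimate user mistyping a password twice.
    events += [("192.0.2.20", "bob")] * 2
    return events


def classify(events):
    """Summarise failed logins per source and label the pattern."""
    failures = defaultdict(Counter)          # source -> {username: failure count}
    for source, user in events:
        failures[source][user] += 1

    report = {}
    for source, by_user in failures.items():
        # Accounts on which a per-account lockout policy would have triggered.
        lockouts = sum(1 for n in by_user.values() if n >= LOCKOUT_THRESHOLD)
        if len(by_user) >= MIN_SPRAY_ACCOUNTS:
            label = "spraying"       # wide: many accounts, few tries each
        elif lockouts:
            label = "brute_force"    # deep: many tries on one account
        else:
            label = "normal"
        report[source] = {"label": label, "accounts": len(by_user),
                          "lockouts": lockouts}
    return report


if __name__ == "__main__":
    for source, row in classify(build_sample()).items():
        print(source, row)
```

In the constructed data the spraying source produces 20 failures yet triggers zero lockouts, which is why the distinct-account count per source is the signal to alert on.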


Credentials = username + password pair used for authentication

Credential Stuffing – trying username/password pairs from a breach in order to gain access to user accounts. Example: the malicious actor steals the user account database from BigStore.com, then automates trying those credentials to log into accounts at MovieNite.com and lots of other online sites.


NordVPN. [Video]. YouTube. https://www.youtube.com/watch?v=55_omclaQ2g

The video explains common password‑based attacks (like brute force or guessing) and outlines effective strategies to protect your accounts by using strong, unique passwords and additional security measures.

  • Weak or reused passwords make you vulnerable to password-based attacks; attackers can guess or brute-force them easily.
  • Use strong, unique passwords for every account: long passwords with a mix of letters (upper and lower case), numbers, and symbols.
  • Avoid reusing the same password across multiple services; if one account gets compromised, many others become vulnerable.
  • Whenever possible, enable additional security measures (e.g. two-factor authentication) to add a second layer of defense.
  • Regularly review and update your passwords; old passwords are often more vulnerable, especially if they’re common or reused.

The video explains what a password-spraying attack is (a kind of cyber attack in which an attacker tries a few common passwords against many accounts, rather than many passwords on one account) and why it’s dangerous for online accounts.

  • In a password‑spraying attack, hackers don’t try millions of passwords on a single account. Instead, they pick a few common passwords (like “123456”, “password”, etc.) and try them across many accounts.
  • Because many people use weak or common passwords, this technique often gives hackers a good chance of success.
  • Using strong, unique passwords, ones that aren’t common or guessable, greatly reduces vulnerability to password‑spraying.
  • Enabling extra security measures (e.g., two‑factor authentication, security keys) adds another layer of protection beyond just a strong password.
  • Organizations and individuals should avoid predictable passwords and encourage password hygiene policies (like using password managers, not sharing passwords, and not using the same password across sites).