Dictionary Attack

Understanding What a Dictionary Attack Is

A dictionary attack is a common technique in hacking and penetration testing. Instead of guessing at random, it tries each entry from a prepared collection of commonly used passwords (a wordlist) or of passwords that have been leaked on the internet, such as rockyou.txt, ignis, and others.

The difference between a brute force attack and a dictionary attack lies in the use of a wordlist. A brute force attack attempts every possible character combination, which usually takes much longer. A dictionary attack still takes time, depending on the password's complexity, the quality of the wordlist, and the server's response time.

Dictionary attacks generally target password-protected access, such as web application login forms, SSH logins, or previously obtained password hashes that are cracked offline.

Staying Secure

To reduce the risk of this attack, we can take the following measures to keep our accounts and access secure.

1. Strong Password

Use a mix of numbers, uppercase letters, and special characters so the password is not easily guessed. Avoid simple or sequential patterns such as 123, !@# or ASD, and make sure the password has at least 14 characters.

2. Never Use the Same Password Again

Do not reuse passwords. A related attack, credential stuffing, takes username and password combinations leaked on the internet and tries them against other platforms.

3. Use a Password Manager

Humans are predictable, and it is difficult to create something truly random yet memorable. Therefore, use a password manager. Make sure to choose a trusted password manager, or consider self-hosting your own.

4. Use Multi-Factor Authentication

If the application you use provides MFA, enable it. This way, even if your password is leaked, the attacker still needs to provide another authentication factor before accessing your account.

As Developers

As application developers, we can also implement the following measures to keep users and applications secure from such attack attempts.

1. Force Users to Follow a Strong Password Policy

Ensure that during registration or first login, users are required to create or change their password according to a strong policy, such as a minimum of 14 characters including at least one lowercase letter, one uppercase letter, one number, and one special character.

2. Blocking Mechanism

Implement a blocking mechanism that temporarily disables an account or blocks an IP address after multiple failed login attempts, for example after three consecutive failures. You can also apply rate limiting to the login endpoint to slow down attack attempts.
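The two developer-side measures above, a strong password policy and a lock after three consecutive failures, as an added example that is not part of the original article. The lock duration, account names and passwords are assumed values; the plaintext comparison in simulate() stands in for a real password-hash check.

```python
import re
from dataclasses import dataclass, field

MIN_LENGTH = 14          # policy from the article: 14+ chars, lower, upper, digit, special
MAX_FAILURES = 3         # consecutive failures before the account is locked
LOCK_SECONDS = 15 * 60   # lock duration; an assumed value, not from the article

def password_meets_policy(password: str) -> bool:
    """True only if every rule of the strong-password policy is satisfied."""
    return (len(password) >= MIN_LENGTH
            and re.search(r"[a-z]", password) is not None
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[0-9]", password) is not None
            and re.search(r"[^A-Za-z0-9]", password) is not None)

@dataclass
class LoginThrottle:  # consecutive-failure counter with a temporary lock per account
    failures: dict = field(default_factory=dict)      # account -> failure streak
    locked_until: dict = field(default_factory=dict)  # account -> unix time

    def is_locked(self, account: str, now: float) -> bool:
        return self.locked_until.get(account, 0.0) > now

    def record_failure(self, account: str, now: float) -> bool:
        """Count a failed attempt; returns True if this one triggered a lock."""
        streak = self.failures.get(account, 0) + 1
        if streak >= MAX_FAILURES:
            self.locked_until[account] = now + LOCK_SECONDS
            streak = 0                       # streak restarts once the lock ends
        self.failures[account] = streak
        return streak == 0

    def record_success(self, account: str) -> None:
        self.failures.pop(account, None)     # a correct login ends the streak

def attempt_login(throttle, account, password, verify, now):
    if throttle.is_locked(account, now):
        return "locked"                      # reject without evaluating the password
    if verify(account, password):
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account, now)
    return "failed"

def simulate() -> list:
    """Constructed run: three wrong guesses, a correct one while locked, one after."""
    store = {"alice": "Correct-Horse-Battery-9!"}    # constructed demo store
    def verify(acct, pw): return store.get(acct) == pw  # stand-in for a real hash check
    t, pw = LoginThrottle(), store["alice"]
    attempts = [(0, "password"), (1, "123456"), (2, "qwerty"), (3, pw), (LOCK_SECONDS + 4, pw)]
    return [attempt_login(t, "alice", guess, verify, now) for now, guess in attempts]
```

Note that the correct password submitted during the lock window is rejected without being checked, which is what stops a wordlist from being run to completion against the account.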

Conclusion

Dictionary attacks remain a threat to our accounts and credentials. Therefore, we need to create unique, strong passwords that are never reused, and enable multi-factor authentication. Remember, passwords are still the most commonly used authentication method. If your password is weak, it can lead to loss or misuse of your access.
