Brute Force Attacks & Easy to Guess Passwords

2 years ago

Working from home and the general strains to business brought about by the Covid-19 pandemic has brought security back into the spotlight. Security was instrumental to protecting business networks with employees working from home, this became especially important as Covid-19 relatedย cyber attacksย were on the rise. One of these security concerns is having a strong password and incorporating a comprehensive password policy.ย Recently Brazil has reported a 124% increase in Covid-19 related brute force attacks. This article will discuss brute force attacks and the importance of having a password policy in place.ย 

What is a brute force attack?ย 

A brute force attack or a dictionary attack is a highly automated guessing strategy used to crack your password. Itโ€™s reliant on smart dictionaries and using a list of well-known, easyย toย guess passwords. Most people are now aware that passwords such as โ€˜password123โ€™ are easily guessed. However, these brute force attacks are constantly evolving and sophisticating. This means that even more seemingly complex passwords can be easily guessed due to emerging tactics such as:ย 

  • Use of password lists โ€“ as well as incorporating lists of well-known passwords, hackers will also use a list of compromised passwords. When a company suffers a data breach, hackers will generally sell or publish a list of the compromised passwords from an attack.ย This attack is also commonly known as a reverse brute force attack.ย 
  • General maturing of brute force software โ€“ as well as password lists and dictionaries, brute force software is getting better at recognising keyboard patterns and character substitutions. For example, Password123ย becomesย P@55w0rd123.ย 

What constitutes as an easy to guess password?ย 

  • Firstly, the password length is short (less than 10 characters).
  • The password does not contain any variation between upper case and lower case letters.
  • Similarly,ย theย password does not contain numbers or symbols.ย 
  • The password contains common phrases or identifying information (names, birthdays, pet names, the word โ€˜passwordโ€™ etc.).

The password contains common phrases or identifying information (names, birthdays, pet names, the word โ€˜passwordโ€™ etc.)

A password policy is a set of rules designed to increase the security of the accounts those passwords protect. Weak passwords can be easy to compromiseย in a brute force attack which is a common tactic used by hackers. The longer and more complex the password, the harder it will be to crack.ย 

The time it takes for passwords to be cracked in a Brute Force attack. Source: Hive Systems

A password policy is a key aspect of any Managed Security solution.ย The above graph shows how even a seemingly complex password could actually be cracked within a short period of time.ย Implementing a password policy is extremely important to your business. It ensures all the users on your network are using what is deemed to be a complex, hard to guess password.ย 

Milnsbridgeย Password Policyย 

At a glance, our password policy includes, but is not limited to the following criteria:

  • Minimum 16 characters in length.
  • Must not contain the user’s account name or parts of the user’s full name.
  • Must contain a combination of upper case letters, lower case letters, digits (0-9) or non-alphabetic characters (!,$,%,#).

According to the above graph, using our password policy, your password would take between 37 billion – 1 trillion years to crack.

Whilst brute force attacks are not as common as other types ofย cyber attacks, they are constantly evolving and improving toย compromise your accounts more quickly. A comprehensive password policy and general password education is key to protecting your accounts and business data from being compromised in the case of a brute force attack and any other type ofย cyber attack.ย ย 

To discussย Managed Security and general Managed Services for your business, contactย Milnsbridgeย on 1300 300 293.ย 

Letโ€™s get started

Get in touch today and speak with one of our friendly staff. We will take the time to assess your business requirements and provide an obligation-free quote.ย 

Facebook
Twitter
LinkedIn

CORE

All the essentials
$ 75 Monthly
  • 3 Hours Remote Support
  • Support Hours 8am - 5.30pm M-F
  • Best Effort Response Times
  • Staff Onboarding + Offboarding
  • Microsoft 365 Administration
  • Cyber Security Awareness Training
  • EDR/Antivirus - Endpoint Protection
  • Cloud Hosted Email Security
  • Critical Software + Security Updates
  • Server Performance Monitoring
  • 24 x 7 System Monitoring + Alerts
  • Daily Backup Monitoring
  • Monthly Executive Reports
  • Standard Operating Environment

Growth

Unlimited Support + Security
$ 95 Monthly
  • Unlimited Remote + Onsite Support
  • Support Hours 8am - 5.30pm M-F
  • Guaranteed Response Times
  • Staff Onboarding + Offboarding
  • Microsoft 365 Administration
  • Cyber Security Awareness Training
  • EDR/Antivirus - Endpoint Protection
  • Cloud Hosted Email Security
  • Critical Software + Security Updates
  • Server Performance Monitoring
  • 24 x 7 System Monitoring + Alerts
  • Daily Backup Monitoring
  • Monthly Executive Reports
  • Standard Operating Environment
  • Keeper Password Manager
  • Duo Multi Factor Authentication
  • DNS Filter Internet Protection
Popular

Enhanced

Unlimited Support 24x7 + Security
$ 165 Monthly
  • Unlimited Remote + Onsite Support
  • 24 Hours Support - 7 Days a Week
  • Priority Response Times
  • Staff Onboarding + Offboarding
  • Microsoft 365 Administration
  • Cyber Security Awareness Training
  • EDR/Antivirus - Endpoint Protection
  • Cloud Hosted Email Security
  • Critical Software + Security Updates
  • Server Performance Monitoring
  • 24 x 7 System Monitoring + Alerts
  • Daily Backup Monitoring
  • Monthly Executive Reports
  • Standard Operating Environment
  • Essential 8 Assess & Report
  • Monthly Vulnerability Scanning
  • Threatlocker Application Control
  • Keeper Password Manager
  • Duo Multi Factor Authentication
  • DNS Filter Internet Protection