What is Password Cracking:
A login and password aren’t what most people think it is. It’s a complicated set of processes that can involve multiple systems, secure transport to and from the servers, a trusted network of server identity assurance and revocation, code to evaluate the complexity of the user-generated password, more code to make sure the person entering the code is indeed a human, a secondary factor of authentication, and a means to recover lost passwords. So password cracking is more than just running a program to guess the password — it’s about cracking the password process to take over a user’s account.
What makes protection a challenge:
Any system that allows users to access it from anywhere and also requires those users to make, safeguard, and remember their passwords is a system that’s going to be difficult (if not impossible) to defend. According to what OSSTMM researchers refer to as “The Somebody Sequence,” the more interaction somebody has in the security process, the higher its attack surface. Asking employees to manage their passwords is like giving them full control over the keys to an important lock. You can purchase one of the strongest locks money can buy, but how secure can it ultimately be if there are keys for it floating around everywhere?
Want to discuss it further, contact us today!
COMMON SECURITY THREATS SERIES:
Learn about other security threats you might be up against: