The truth is that gaining access to users' passwords is not easy, since they are stored encrypted, and the only manual way to obtain one is to guess it. One technique for obtaining passwords is the use of sniffers, i.e. programs that intercept our communications and record passwords. There are ways of speeding up this process, such as a keylogger. However, when these hacker tools fail, the attacker can resort to brute force. Wikipedia defines brute force as a way of recovering a key by testing all possible combinations until one is found that allows access. Despite what it may seem, it is one of the methods most used by hackers, and it exploits the most recurring vulnerability in information security: the human factor. Users do not choose sufficiently strong passwords, that is, passwords that combine different types of characters and numbers and so involve a certain complexity.
On the contrary, to avoid forgetting their password, they prefer passwords that are easy to remember but, at the same time, easy to guess. To take advantage of this, hackers use tools that come with password dictionaries and whose function is to keep trying passwords one by one. However, as users, we know that a password alone is not enough to gain access, since a user code is also required. To obtain both the user code and the password through this type of attack, there are different tools, such as BrutusAET 2 to brute force FTP passwords, Net Tools Essential to brute force passwords of the network (NetBIOS) service, or John the Ripper (Windows, Linux) to brute force hashed Windows passwords. A simple way of protecting a system against brute-force or dictionary attacks is to establish a maximum number of attempts.
In this way the system automatically locks after a predetermined number of failed attempts. However, even with an account lockout policy, or a password complexity policy that forces users to change the password from time to time, passwords are still easily predictable, because they often consist of short sequences of numbers added to the same original root. Therefore, the most advisable course is to have a specialized company establish sufficiently strong password policies. At Audea we want to remind you that the best way to prevent a penalty or damage to our information systems is to comply with all the technical and legal requirements of information security. Audea Information Security. Eduardo de Miguel Cuevas.
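
The predictable pattern described above (a short sequence of numbers added to the same root at every forced change) can be rejected at password-change time, when the current and the new password are both available in plaintext. The following is an added example, not part of the original article; the function names, the 4-character threshold and the sample passwords are assumptions constructed for illustration.

```python
import string

# Characters users typically add around a reused root.
STRIP = string.digits + string.punctuation
# Assumed threshold: roots shorter than this are too generic to compare.
MIN_ROOT = 4


def root_of(password):
    """Case-folded password with leading/trailing digits and symbols removed."""
    return password.strip(STRIP).casefold()


def rejection_reason(current, new):
    """Return why `new` is a predictable variant of `current`, or None if it is not."""
    if new == current:
        return "unchanged"
    old_root, new_root = root_of(current), root_of(new)
    if len(old_root) < MIN_ROOT:
        # e.g. an all-digit password: no usable root, so other policy
        # checks (length, dictionary) must handle this case.
        return None
    if new_root == old_root:
        return "same root, only digits/symbols changed"
    if old_root in new.casefold():
        return "old root embedded in new password"
    return None


if __name__ == "__main__":
    # Constructed sample pairs: (current password, proposed new password).
    samples = [
        ("Summer2023", "Summer2024"),
        ("Summer2023", "summer01!"),
        ("Summer2023", "MySummer2024"),
        ("Summer2023", "correct-horse-battery"),
    ]
    for current, new in samples:
        reason = rejection_reason(current, new)
        print(f"{current!r} -> {new!r}: {'REJECT: ' + reason if reason else 'accept'}")
```

A check like this complements the maximum-attempts lockout: the lockout slows online guessing, while this keeps a forced rotation from producing a password an attacker can derive from the previous one.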