What is a Dictionary Attack?
A dictionary attack is an attack vector used to break into a password-protected system by trying every word in a dictionary as the password for that system. This attack vector is a form of brute force attack.
The dictionary can contain words from an English dictionary as well as leaked lists of commonly used passwords. Combined with common replacements of characters with numbers, it can sometimes be very effective and fast.
How is it done?
Basically, it means trying every single word in a list that has been prepared in advance. It is done using automated tools that try all the possible words in the dictionary.
Some Password Cracking Software:
- John the Ripper
Difference between Brute Force and Dictionary Attack:
The difference from a brute force attack is that brute force checks a large number of possible key permutations, whereas a dictionary attack checks only the words with the highest chance of success, so it is less time consuming than brute force.
How to be on the safer side?
You can protect yourself from this kind of attack in the following ways:
- Choose a mix of upper and lower case letters, numbers and special characters.
- The password must be a long string with more characters. The longer it is, the more time consuming it is to crack (sometimes the time to crack is in years).
- Password reset should be done after a certain period of time.
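The following is an added example, not part of the original article: a password screening check that a system could run when a password is set, combining the length and character-mix advice above with a lookup against a deny list after undoing the common number-for-letter replacements mentioned earlier. The deny list, the substitution table, `MIN_LENGTH` and `MAX_VARIANTS` are constructed values chosen for illustration.

```python
import itertools
import re

# Constructed sample deny list; a real deployment would load dictionary words
# and a list of commonly used passwords from a file.
DENY_LIST = {"password", "letmein", "dragon", "sunshine", "welcome", "monkey"}

# Common digit/symbol replacements mapped back to the letters they stand for.
SUBSTITUTIONS = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s",
                 "7": "t", "@": "a", "$": "s", "!": "i"}

MIN_LENGTH = 12      # assumed policy value, not taken from the article
MAX_VARIANTS = 4096  # cap so a long input cannot blow up the expansion

CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]


def normalized_variants(password):
    """Yield lower-cased variants with replacements reversed and affixes cut."""
    lowered = password.lower()
    # Each position may be the letter(s) it replaces or the character itself.
    options = [SUBSTITUTIONS.get(ch, "") + ch for ch in lowered]
    total = 1
    for opt in options:
        total *= len(opt)
    if total > MAX_VARIANTS:
        options = [opt[0] for opt in options]  # fall back to one guess each
    for combo in itertools.product(*options):
        # Drop leading/trailing non-letters such as an appended "2024!".
        yield re.sub(r"^[^a-z]+|[^a-z]+$", "", "".join(combo))


def check_password(password):
    """Return the list of reasons to reject; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if sum(bool(re.search(c, password)) for c in CLASSES) < len(CLASSES):
        reasons.append("missing character class")
    if any(v in DENY_LIST for v in normalized_variants(password)):
        reasons.append("dictionary word")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["P@ssw0rd!", "Sunshine2024!", "correct-Horse-7-battery-staple"]:
        print(pw, "->", check_password(pw) or "accepted")
```

`Sunshine2024!` satisfies the length and character-mix rules yet is still rejected, which is why the deny-list lookup is worth having alongside them.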