They are tiny programs hidden on networks and instructed to record logons and passwords, which are then stored secretly in a file. Security experts at Carnegie Mellon University estimate that more than a million passwords have already been stolen on the Internet. One has to ask why this happens so frequently. Part of the answer is that hackers have many tools, such as dictionary programs and sniffers, to assist them. A hacker will launch a dictionary attack by passing every word in a dictionary (which can contain foreign languages as well as the entire English language) to a login program in the hope that it will eventually match the correct password. A sniffer can read every keystroke sent out from your machine, including passwords. But a large portion of the blame falls on the users themselves. They willingly share their passwords. More important, users are too predictable in their choice of passwords. Left to their own devices, users often choose a password that is too short or too easy to guess.
Passwords are about identity. We tend to reveal ourselves in our passwords. We often choose the name or birth date of a loved one; we use our address, telephone number, or Social Security number; we use the name of a favorite artist, actor, or author. Or we are wise enough to avoid any personal references but choose a word that is ridiculously short, a dictionary word, a name or word spelled backward, or an alphabet or keyboard sequence. Just because we think a foreign word is obscure doesn't mean that it isn't in a dictionary somewhere. The point is that all of these types of words are easily guessed, which makes the job of password cracking straightforward.
Disediakan Oleh : Wong How Ling (A108917)