What are dictionary attacks and how do you protect against them?

A dictionary attack is a method used by cybercriminals to crack passwords, take over accounts, and steal personal data.

In a dictionary attack, threat actors use extensive word lists and phrases to guess the password for an account, including:

• Common words and simple variations
• Any words from a dictionary
• Lists of most commonly used passwords exposed in data breaches and leaks
• Popular pet names or names of fictional characters and other pop culture references

Most internet users chose convenience over the security of their accounts, opting to reuse passwords or using a single password for multiple accounts, enabling such types of attacks.

A Bitdefender consumer behavior study also emphasizes the leading cause of data compromises: poor password management. One of the highlights of our study clearly defined user attitudes towards cybersecurity risks, with more than half of respondents acknowledging that they recycle a handful of passwords across all of their online accounts, or worse, use the same password for all of them.

Paired with statistics from Bitdefender’s “leaks” database, dictionary attacks can be used to commit highly damaging and profitable breaches. Our data reveals that over 28 billion exposed email addresses are online, 98.35% of which are accompanied by passwords in plaintext. Most of the leaked credentials come from data breach compilations (e.g. Collection1 data breach compilation) shared on dark web marketplaces between 2019 and 2022.

How can you protect against dictionary attacks:

· Stay away from words and easy-to-guess number combinations: Keep simple words and sequential numbers and characters such as “abc123” out of your passwords. Hackers will have no issues cracking this type of password.

· Use a trustworthy password manager: A password manager can help you easily generate and safeguard unique and complex passwords

· Review and change passwords for improperly secured accounts: Ensure that all of your online accounts are secured with strong and unique passwords. If possible, change passwords at least once a year for your most sensitive accounts.

· Keep tabs on your digital footprint and monitor for data leaks: Knowing the extent of your digital footprint and whether your data has been exposed in a data breach or leak can help you take the necessary actions to secure your accounts and protect your identity.

Prioritize your digital safety this Cybersecurity Awareness Month and beyond with Bitdefender!

Choose our trustworthy password manager to improve your cybersecurity with the strongest known cryptographic algorithms to help you secure and manage all of your online passwords, and the possibility to create complex passwords that meet the highest security standards on all major operating systems.