What Is A Dictionary Attack and How To Prevent It

Have you ever wondered how hackers breach your accounts even if they don’t know your password? It’s not just luck or guesswork; a dictionary attack is one of many methods cybercriminals use to crack passwords and break into your online accounts.
Throughout this article, we will break down what a dictionary attack is, how it works, and the steps you can take to prevent threat actors from cracking your passwords and stealing your personal information.
Table of contents
- What is a dictionary attack?
- How do dictionary attacks work?
- How to prevent dictionary attacks
- How Internxt can help fight dictionary attacks
What is a dictionary attack?
A dictionary attack is a brute-force method that works from specific lists (dictionaries) of the words or phrases with the highest chance of success. It is much more dangerous than a typical brute-force attack, which tries every possible combination, starting from AAA, AAB, AAC, and so on.
Dictionary attacks, therefore, are more focused and efficient because they use lists of previously leaked passwords and common words or phrases rather than trying every possible combination of characters.
For example, a weak password such as "password123" is likely to be on a dictionary attack list, and variations of the entries on these lists, like "p4$$w0rd", will also be tried to increase a hacker’s chances of cracking the password.
A successful dictionary attack occurred on Dropbox in 2012 when an attacker obtained a password from a Dropbox employee, added it to their dictionary, and gained access to Dropbox’s systems. The result was a leak of 68 million users’ credentials, one of the worst data breaches in history.
More information about privacy issues related to Dropbox can be found on our website, explaining why Internxt is a more secure and private alternative to Dropbox.
How do dictionary attacks work?
When you create an account with any website or app, your password is scrambled into a random series of characters by an algorithm to avoid storing passwords in plaintext.
This process is called hashing and is preferred over encryption because if a data leak happens, the hackers can’t access the plaintext password. On top of that, the hosts of the website or app have no way to know or access your password in its plaintext form.
Even so, there are ways to crack a hashed password using these techniques:
- A hacker takes a list of common or predictable passwords from a dictionary and hashes each entry with the same hashing algorithm as the target system. If a hash from the dictionary matches a leaked hash, it reveals the original password used, allowing attackers to access accounts without needing to reverse the hash directly.
- Attackers will also use rainbow tables, which are precomputed databases of passwords and their corresponding hash values. Rather than hashing each password attempt, hackers use a rainbow table to look up a hash and the original password that produced it, making it a faster and more efficient way to crack passwords.
How to prevent dictionary attacks
Fortunately, there are many ways to prevent dictionary attacks, but you will need to maintain good cyber hygiene to prevent future software from leaking your data online. With these techniques and tools, however, you can avoid a dictionary attack and keep your personal and financial data protected.

Maintain password security
Let’s start with the basics. As a dictionary attack is more successful if the password is weak, you will need to create a strong password. Here are the recommended features of a good password that would be close to impossible for a hacker to crack.
- Minimum 12 characters, but the more the better; 16 is a good number to aim for
- Uses a mixture of uppercase, lowercase, and different characters
- Contains no information linked to you (birthdays, pet names, etc)
- Avoids common names or keyboard patterns (qwerty)
On top of this, create unique passwords for all your accounts and change them every 6 months or so, or if you receive a notification that someone has tried to access your account.
Many websites offer guidelines when you enter a weak password, so keep these features in mind when creating a new account.
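The checklist above can be turned into a sign-up check. The following is an added example, not code from Internxt or any website mentioned here; the word lists are small constructed samples and the function names are hypothetical. It also undoes common character substitutions, so "p4$$w0rd" is treated as "password".

```python
import re

# Constructed sample lists; a real service would load a large list of
# leaked and common passwords instead.
COMMON_PASSWORDS = {"password", "letmein", "welcome", "dragon"}
KEYBOARD_PATTERNS = ("qwerty", "asdfgh", "zxcvbn", "123456")
# Map the usual look-alike characters back to letters before comparing.
LEET_MAP = str.maketrans({"4": "a", "@": "a", "$": "s", "5": "s",
                          "0": "o", "1": "l", "!": "i", "3": "e", "7": "t"})
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]")


def normalize(password: str) -> str:
    """Lowercase the password and reverse common character substitutions."""
    return password.lower().translate(LEET_MAP)


def policy_problems(password: str, personal_info: tuple = ()) -> list:
    """Return the reasons a password fails the checklist (empty list = passes)."""
    problems = []
    # Compare both the literal and the de-substituted form against the lists.
    forms = (password.lower(), normalize(password))

    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if sum(bool(re.search(c, password)) for c in CHAR_CLASSES) < 3:
        problems.append("needs a mix of uppercase, lowercase and other characters")
    if any(item.lower() in form for item in personal_info for form in forms):
        problems.append("contains personal information")
    if any(pattern in form for pattern in KEYBOARD_PATTERNS for form in forms):
        problems.append("contains a keyboard pattern")
    if any(word in form for word in COMMON_PASSWORDS for form in forms):
        problems.append("matches a common or leaked password")
    return problems


if __name__ == "__main__":
    for candidate in ("password123", "p4$$w0rd", "Qwerty-Horse-2024"):
        print(candidate, "->", policy_problems(candidate))
```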
Use two-factor authentication
2FA or biometric authentication will protect your accounts, even if someone accesses your account by hacking or other methods, such as shoulder surfing, because you need to authorize and verify that you are logging in to your account.
Many websites offer 2FA, and there are also authentication apps you can use to add even more security on top of your strong password.
Use a password manager
With all the accounts we create online, it's extremely difficult to remember every password, so rather than writing them down, which is the worst thing you can do, you can use a password manager to store and remember the passwords for you.
Make sure you choose password managers that use end-to-end encryption to ensure maximum security and protection against data breaches.

Limit password attempts
Most websites will block your account if somebody enters an incorrect password too many times. You can also manage your settings with some services to set a limit on how many failed login attempts are permitted before the system locks your account.
This will reduce the chances of a dictionary attack and alert you if somebody is trying to access your account.
Magic links
Some websites also help you avoid using passwords completely by sending you a unique one-time-use link to log in to your account. These are known as magic links, and as no password is required, there is no chance of a dictionary attack.
Be aware that if your email account is compromised, a magic link won’t protect you if an attacker uses your email to log into other accounts, so make sure your email has all the security features possible.
How Internxt can help fight dictionary attacks
Internxt is an EU tech company that emphasizes privacy through its post-quantum encrypted cloud storage, VPN, Antivirus, and upcoming Meet and Mail products with prices starting from €3 a month.
Aside from that, Internxt offers several features and free resources that protect your passwords and online life.
Password hashing and salting
When you create an account with Internxt Drive, your password goes through the hashing and salting process, which is done by a one-way cryptographic algorithm. For extra security, Internxt also adds a random value to the password before hashing, a process known as salting.

Salting ensures that even if two users have the same password, the hashes are different. Salting protects against dictionary attacks and rainbow tables, making it extremely difficult to crack passwords, even if the database contains the hashes.
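The effect of salting, and why it defeats the precomputed lookups described under "How do dictionary attacks work?", is shown below. This is an added example and not Internxt's code: the page does not name the algorithm Internxt uses, so PBKDF2-HMAC-SHA256 from the Python standard library and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; makes every guess deliberately slow


def unsalted_hash(password: str) -> str:
    """Weak scheme, for comparison only: one fast hash and no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str) -> tuple:
    """Return (salt, digest) using a fresh random salt for each user."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def compare_schemes(password: str) -> dict:
    """Store the same password for two users under both schemes."""
    salt_a, digest_a = hash_password(password)
    salt_b, digest_b = hash_password(password)
    both_verify = (verify_password(password, salt_a, digest_a)
                   and verify_password(password, salt_b, digest_b))
    return {
        # Without a salt, equal passwords give equal hashes, so one
        # precomputed table entry matches every user who chose that password.
        "unsalted_match": unsalted_hash(password) == unsalted_hash(password),
        # With per-user salts the stored digests differ, so a table built in
        # advance no longer lines up with any stored record.
        "salted_match": digest_a == digest_b,
        "both_verify": both_verify,
    }


if __name__ == "__main__":
    print(compare_schemes("correct horse battery staple"))
```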
Two-Factor Authentication
Internxt Drive includes two-factor authentication to protect your cloud storage. Once you create an account or purchase a paid subscription or lifetime account, you can choose your preferred authentication app to verify that it is you accessing your files.
Create a backup key
Internxt uses zero-knowledge encryption for all its products. This means that your cloud is protected from unauthorized access because the encryption key is managed on your device.
As Internxt cannot access any of your files, including your password, if you forget your password, the only way to regain access to your account or avoid having your files deleted is to create a backup key.
If you lose or forget your password, you can download and create a backup key to prevent your files from being deleted.
Learn how to create a backup key for your drive account from our help centre.
Dark web monitor
Internxt Dark Web Monitor is a free tool that checks a database of compromised accounts to alert you if your password has leaked online.
Our dark web monitor also checks if other information has leaked online, aside from passwords. When you enter your email, we let you know when, where, and what information has been leaked in a data breach, so you can take steps to protect your accounts.
Password generator
Internxt makes creating a strong password easy with our free password generator. With this, you can customize your password by editing the password length, adding characters, and adding upper and lowercase letters.
You can create a passphrase with this tool, which is another form of password protection that will reduce the chances of your account being compromised by a dictionary attack.
Password checker
Once you have created your password, you can verify its strength by using our password checker too. This will give you an idea of how strong your password is and also how long it would take to crack, even with the most advanced hacking software.
Other free resources
Internxt also offers a free temporary email, so if you need to sign up for an account but don’t want to use your email, this will provide a random email to protect you from spam emails that could lead to phishing and compromised passwords.
You can also use our free virus scanner to ensure files on your computer don’t contain malware or viruses that could infect your system and compromise your accounts or passwords.
Sign up with Internxt Drive today for free, or choose from one of our paid plans that include VPN, Antivirus, and Meet and Mail for the best cloud storage and privacy-focused product suite to protect your online privacy.