Kids Code & Computer Science

Be wary of these password pitfalls that hackers love and learn how to keep your data secure!

If you imagine how a hacker manages to break a password, you may imagine them trying all sorts of special algorithms and secret techniques to crack the code. In truth, sometimes a hacker doesn’t have to work so hard. Sometimes, people’s passwords are so weak that hackers can use really simple techniques to crack them.

One example of this is the rightly-named “brute force attack.” This is when a hacker doesn’t use any fancy tools or espionage to break a password. Instead, they continuously enter passwords until they get the correct one.

Do you know those combination locks that go from 0000 to 9999? Have you ever been tempted to enter in 0001, then 0002, and so on until you got the right number? That’s a good example of a brute force attack; you have no idea where to start or what to guess, so you just start from the start and keep going until you hit the right code.

At its basic level, brute-forcing a password involves beginning from the very start and working upward. If a password can be one character long, this involves trying “a,” then “b,” all the way to Z. Then the hacker needs to try the capital variants of each letter because passwords care about whether a letter is a capital or not (also known as ‘case-sensitive’).

Once the letters are all done, the hacker tries the numbers 0-9, then all the symbols on the keyboard. If none of those work, they then go the next step up and enter “aa,” “ab,” etc until they do all possible combinations and crack the password.

A hacker doesn’t actually sit down and type all these out; that would be way too much work! Instead, they get a powerful computer to do it for them. These computers can rattle off passwords really quickly, so weak passwords stand no chance.

There are other ways hackers brute-force a password. Dictionary attacks, for instance, use words found in the dictionary in hopes someone set their password to something like “hummingbird” or “zebra.”

Hackers may also try the most-used passwords on the internet in hopes that their target used them. Examples include “qwerty,” “password,” and “opensesame”: all very popular passwords.

So, how do you stay safe from these attacks? To defeat regular brute-force attacks, try to make your passwords long. If you think about it, the more letters, numbers, and symbols you add to a password, the longer it takes to guess.

For instance, “cat” will be cracked pretty quickly because it’s only three letters long; however, “thecatonthemat22” has 16 characters to it. The cracker will have to check every single potential 1-character password, every 2-character, 3-character, and so forth before it reaches 16-character passwords.

If you use My1Login’s password strength meter, you can see how long it takes for a password to be brute-forced open. “Cat” will only last 0.05 seconds according to the website; “thecatonthemat22” would last a month!

For dictionary attacks, try not to use only words you could find in the dictionary. Try to mix things up by replacing letters with numbers and symbols, or add them at the end if you want. Also, be sure not to use a popular password that loads of other people use.

Websites also do their part to make it hard for hackers to brute-force passwords. Before reading on, try to think of some ways you could stop brute-force attacks from cracking a password, and how websites protect you.

First, websites often ask for at least a set amount of characters, such as six characters. This stops really short passwords like “cat” from being broken open quickly. Websites also often ask for numbers and symbols to appear somewhere, to stop dictionary attacks. Finally, websites typically lock down an account if too many incorrect entries are made, which means a hacker has a very small window to brute-force a password before they’re kicked out.

The next time you’re making a password, try to think of ways to make it really secure without making it too hard to remember. Remember; just a handful of numbers and symbols go a long way!

Learn More

What Is a Brute Force Attack?

https://www.varonis.com/blog/brute-force-attack/

List of the most common passwords

https://en.wikipedia.org/wiki/List_of_the_most_common_passwords

My1Login password strength checker

https://www.my1login.com/resources/password-strength-test/

Brute Force Attack

https://www.cloudways.com/blog/what-is-brute-force-attack/

Types of brute force attacks

https://www.manageengine.com/log-management/cyber-security-attacks/what-is-brute-force-attack.html

How to choose a strong password

https://www.bu.edu/tech/support/information-security/security-for-everyone/how-to-choose-a-strong-password/

Tips for strong passwords

https://home.bt.com/tech-gadgets/computing/8-tips-to-make-sure-your-passwords-are-strong-but-simple-11364015494778

Creating and remembering strong passwords

https://www.skyhighnetworks.com/cloud-security-blog/how-to-create-a-strong-password-you-actually-remember/

Dictionary attacks

https://www.hacksplaining.com/glossary/dictionary-attacks

What is a dictionary attack?

https://www.academickids.com/encyclopedia/index.php/Dictionary_attack

Brute force attack facts

https://kids.kiddle.co/Brute_force_attack

Teaching kids to create secure passwords

www.thedadsnet.com/teaching-kids-make-secure-passwords/

Phishing and password attacks

https://www.khanacademy.org/computing/ap-computer-science-principles/the-internet/cybercrime-and-prevention/a/phishing-and-passwords

Safe password tips for children

https://wezift.com/parent-portal/blog/safe-password-tips-your-child-should-know/