2 cissp ® Official Study Guide Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Password Guessing
In the most basic type of password attack, attackers simply attempt to guess a user’s password. No matter how much security education users receive, they often use extremely weak passwords. If attackers are able to obtain a list of authorized system users, they can often quickly figure out the correct usernames. (On most networks, usernames consist of the first initial of the user’s first name followed by a portion of their last name.) With this information, they can begin making some educated guesses about the user’s password. The most commonly used password is some form of the user’s last name, first name, or username. For example, the user mchapple might use the weak password elppahcm because it’s easy to remember. Unfortunately, it’s also easy to guess.
If that attempt fails, attackers turn to widely available lists of the most common passwords on the internet. Some of these are shown in the sidebar “Most Common Passwords.”
Most Common Passwords
Attackers often use the internet to distribute lists of commonly used passwords based on 
data gathered during system compromises. Many of these are no great surprise. The firm 
SplashData produces an annual list of the top 100 passwords found in files stolen during 
data breaches. Here are the top 10 passwords on that list from 2017:
1. 123456
2. password
3. 12345678
4. qwerty


5. 12345
6. 123456789
7. letmein
8. 1234567
9. football
10. iloveyou
These are real passwords, used by real people, on real websites in 2017! Remarkably, SplashData also estimated that the top 25 passwords on the list made up 10 percent of all the passwords found in breach files.
Finally, a little knowledge about a person can provide extremely good clues about their password. Many people use the name of a spouse, child, family pet, relative, or favorite entertainer. Common passwords also include birthdays, anniversaries, Social Security numbers, phone numbers, and automatic teller machine (ATM) personal identification numbers (PINs).
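
A defender-side screen for the guesses described in this section, added here as an example that is not part of the original book text: it rejects a new password if it is on the sidebar's list or contains the username or a known personal detail, forwards or reversed. The function names, the minimum term length, and the sample profile are assumptions made for illustration.

```python
import re

# Top 10 of the SplashData 2017 list quoted in the sidebar above.
COMMON_PASSWORDS = frozenset({
    "123456", "password", "12345678", "qwerty", "12345",
    "123456789", "letmein", "1234567", "football", "iloveyou",
})
MIN_TERM_LEN = 4  # assumption: shorter terms match too many unrelated passwords


def normalize(text):
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def screen_password(candidate, username, personal_terms=None):
    """Return the reasons a candidate password is easy to guess.

    personal_terms maps a label (e.g. "last name", "pet") to a value
    the organization already holds about the user. An empty list means the
    candidate passed these checks, not that it is strong.
    """
    reasons = []
    norm = normalize(candidate)
    if candidate.lower() in COMMON_PASSWORDS:
        reasons.append("on common-password list")
    terms = {"username": username}
    terms.update(personal_terms or {})
    for label, value in terms.items():
        term = normalize(value)
        if len(term) < MIN_TERM_LEN:
            continue
        if term in norm:
            reasons.append(f"contains {label}")
        elif term[::-1] in norm:
            reasons.append(f"contains reversed {label}")
    return reasons


if __name__ == "__main__":
    # Constructed sample profile; the pet name is invented for the example.
    profile = {"last name": "Chapple", "pet": "Biscuit"}
    for pw in ("elppahcm", "letmein", "Chapple2017", "violet-harbor-quilt-93"):
        print(f"{pw!r}: {screen_password(pw, 'mchapple', profile) or 'passed'}")
```

Run at password-change time, a check like this catches the username-derived and list-based choices before they are stored; it does not replace account lockout or rate limiting on the login path.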
