Attack methods used to illegally obtain passwords

The following attack methods can be used to illegally obtain passwords.

Brute force attack

A brute force attack is a simple method of trying every possible pattern for a password.

For example, if your password is a 4-digit number, there are 10,000 possible combinations from 0000 to 9999.

Trying all of them is certain to find the correct password.

Doing this manually is tedious, but a computer program can try the passwords automatically without any hassle.

Dictionary attack

A dictionary attack is a type of brute force attack that tries character strings built from combinations of words registered in a dictionary.

The attacker attempts to log in by guessing passwords made from combinations of common words, people's names, place names, etc.

Because people often choose common words so that they do not forget their passwords, a dictionary attack can find the correct password in a relatively short time.

Phishing

Phishing is the act of stealing personal information such as addresses, ATM PIN numbers, and credit card information by pretending to be a real organization or service.

The attacker poses as a financial institution or a well-known company and sends users emails disguised as notifications, leading them to a fake site that looks exactly like the real one.

There, the attacker steals information by asking users to enter credit card numbers, IDs for various services, passwords, etc.

Man-in-the-middle attack

A man-in-the-middle attack is an attack method in which a third party places itself between two communicating parties to eavesdrop on information or interfere with the communication.

Attackers need to remain undetected, so they operate quietly while eavesdropping on communications.

As a result, victims are slow to notice that they have been attacked.

Credential stuffing

Credential stuffing is an attack method that attempts to illegally log into various online services using stolen account information such as IDs and passwords.

This takes advantage of the fact that users often reuse the same password for multiple accounts.

Credential stuffing uses automated tools to attempt to log in to various services.

Successful logins can be used for various fraudulent activities, such as accessing bank accounts and social media.

Password spray attack

A password spray attack is an attack method that attempts to log in to multiple user accounts with the same password.

Many login systems lock an account after a certain number of failed logins, preventing further login attempts for a certain period of time.

A password spray attack attempts to log in while keeping one fixed password and changing the account name.

The failures therefore appear as a failed login for each different user, which avoids account lockout.
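Because the failures are spread across accounts, a defender has to count them per source instead of per account. The following Python sketch is an added example, not part of the original page; the event format, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict

LOCKOUT_THRESHOLD = 5   # assumed: failures that lock a single account
SPRAY_ACCOUNTS = 4      # assumed: distinct failing accounts per source to alert on
WINDOW_SECONDS = 600    # assumed: sliding window for the per-source count

# Constructed sample events: (epoch seconds, source IP, account, success)
EVENTS = (
    # one source, one failure against each of five accounts
    [(t, "203.0.113.7", u, False) for t, u in
     zip(range(0, 150, 30), ["alice", "bob", "carol", "dave", "erin"])]
    # repeated failures against a single account
    + [(t, "198.51.100.20", "frank", False) for t in range(10, 60, 10)]
    # ordinary user traffic, including one mistyped password
    + [(200, "192.0.2.5", "alice", True),
       (300, "192.0.2.5", "bob", False),
       (310, "192.0.2.5", "bob", True)]
)

def per_account_lockouts(events):
    """Accounts a per-account failure counter would lock (simplified: no reset)."""
    fails = defaultdict(int)
    for _, _, user, ok in events:
        if not ok:
            fails[user] += 1
    return {u for u, n in fails.items() if n >= LOCKOUT_THRESHOLD}

def spray_sources(events):
    """Map source -> most distinct accounts it failed against within one window."""
    by_src = defaultdict(list)
    for ts, src, user, ok in sorted(events):
        if not ok:
            by_src[src].append((ts, user))
    flagged = {}
    for src, fails in by_src.items():
        start = 0
        for end in range(len(fails)):
            # shrink the window until it spans at most WINDOW_SECONDS
            while fails[end][0] - fails[start][0] > WINDOW_SECONDS:
                start += 1
            users = {u for _, u in fails[start:end + 1]}
            if len(users) >= SPRAY_ACCOUNTS:
                flagged[src] = max(flagged.get(src, 0), len(users))
    return flagged

if __name__ == "__main__":
    print("locked accounts:", per_account_lockouts(EVENTS))
    print("spray sources:", spray_sources(EVENTS))
```

On the constructed events the per-account counter locks only the account that was hit repeatedly, while the per-source count flags the address that failed once against five different accounts.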

Keylogger

A keylogger is software or hardware that records input from devices such as keyboards and mice.

Originally, keyloggers were used to record operations performed on a computer, but they are now being used illegally to steal information such as passwords and credit card numbers.

Because a keylogger can capture what is typed on the keyboard, login IDs and passwords can be stolen and used for unauthorized logins, and personal information such as credit card information can be stolen as well.