In This Chapter

Password hacking is one of the easiest and most common ways attackers obtain unauthorized computer or network access. Although strong passwords — ideally, longer and stronger passphrases — that are difficult to crack (or guess) are easy to create and maintain, network administrators and users often neglect this. Therefore, passwords are one of the weakest links in the information security chain. Passwords rely on secrecy. After a password is compromised, its original owner isn't the only person who can access the system with it. That's when accountability goes out the window and bad things start happening.

Hackers and rogue insiders have many ways to obtain passwords. They can glean passwords simply by asking for them or by looking over the shoulders (shoulder surfing) of users as they type them in. Hackers can also obtain passwords from local computers by using password-cracking software. To obtain passwords from across a network, attackers can use remote cracking utilities or network analyzers.

This chapter demonstrates just how easily hackers and rogue insiders can gather password information from your network and computer systems. I outline common password vulnerabilities and describe countermeasures to help prevent these vulnerabilities from being ...