1.4.11 Password Guessing
A 'black hat' will have in their toolkit several password guessing programs, which automate the process of rapidly testing many potential passwords against a given account. The most commonly used password guessing method is the dictionary attack (see the section on dictionary attacks).
Typically, systems help guard against this by logging login attempts, perhaps flagging unsuccessful attempts in big red letters. Also make sure that if your system offers the ability to lock a user account after some number of unsuccessful login attempts, you use it (somewhere around 3 to 5 seems to be the magic number of attempts usually tolerated before you should get worried that someone is trying to guess a password).
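The two defences just described, logging every login attempt and locking an account after a few consecutive failures, can be seen working together in the following added example. It is not code from the CertiGuide text; the log line format, the lockout threshold of 5 (chosen from the 3 to 5 range the text gives) and the sample log lines are all constructed for this demonstration.

```python
"""Detect password guessing from authentication log lines and apply an
account-lockout policy after a number of consecutive failures.

Added example, not part of the original text. The log format, the
threshold and the sample lines are assumptions made for the demo.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed log format: "<timestamp> <FAIL|OK> user=<name> src=<address>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Assumption: lock after 5 consecutive failures (the text suggests 3 to 5).
LOCKOUT_THRESHOLD = 5


@dataclass
class AccountState:
    consecutive_failures: int = 0
    locked: bool = False
    sources: set = field(default_factory=set)  # where the failures came from


def process_log(lines, threshold=LOCKOUT_THRESHOLD):
    """Walk the log lines in order and return (per-account state, alerts).

    A successful login resets the failure counter; once an account is
    locked, every further attempt on it is reported rather than counted.
    """
    states = defaultdict(AccountState)
    alerts = []
    for raw in lines:
        m = LOG_RE.match(raw.strip())
        if not m:
            # Unparseable input is itself worth flagging, not silently dropped.
            alerts.append(f"unparseable line: {raw!r}")
            continue
        ts, result, user, src = m.group("ts", "result", "user", "src")
        st = states[user]
        if st.locked:
            alerts.append(f"{ts} attempt on locked account {user} from {src}")
            continue
        if result == "OK":
            st.consecutive_failures = 0
            st.sources.clear()
            continue
        st.consecutive_failures += 1
        st.sources.add(src)
        if st.consecutive_failures >= threshold:
            st.locked = True
            alerts.append(
                f"{ts} LOCKED {user} after {threshold} failures "
                f"from {sorted(st.sources)}"
            )
    return dict(states), alerts


# Constructed sample log: alice mistypes once then logs in; bob is guessed at
# from two addresses until the fifth failure locks the account.
SAMPLE_LOG = [
    "2004-11-15T09:00:01 FAIL user=alice src=10.0.0.5",
    "2004-11-15T09:00:02 OK user=alice src=10.0.0.5",
    "2004-11-15T09:05:10 FAIL user=bob src=192.0.2.7",
    "2004-11-15T09:05:11 FAIL user=bob src=192.0.2.7",
    "2004-11-15T09:05:12 FAIL user=bob src=192.0.2.7",
    "2004-11-15T09:05:13 FAIL user=bob src=192.0.2.8",
    "2004-11-15T09:05:14 FAIL user=bob src=192.0.2.8",
    "2004-11-15T09:05:15 OK user=bob src=192.0.2.8",
    "garbage",
]

if __name__ == "__main__":
    _, found = process_log(SAMPLE_LOG)
    for line in found:
        print(line)
```

Running the block prints one alert for the lockout of `bob`, one for the attempt made on the already-locked account, and one for the unparseable line, while `alice` ends with a zero counter. Note the trade-off a lockout policy brings: anyone who can submit login attempts against a known username can deliberately trigger the lock, so the alerts produced here should feed a review process rather than being the only response.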
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.