What is a dictionary attack?
A dictionary attack is a brute-force technique that successively tries every word in a pre-arranged list of values. In contrast with a normal brute-force attack, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words in a dictionary. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries, or simple, easily predicted variations on words, such as appending a digit.
So, for example, your pet's name plus the number 1 is not a good password (example: fido1). Your kid's name followed by their birth year is also not a good password. Come up with something more original. Mix it up a little bit. For example: my password for Amazon could be Amm4z0n$$, where the a is a 4 and the o is a zero. I threw an extra m in there to make it not a regular word. Notice that one letter is capitalized. Now, true, capitalizing the first letter is pretty obvious, but something is better than nothing. Passwords are case sensitive, so adding a capital letter or two is always a good idea.
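As an added example (not part of the original post), here is a small Python check that a site could run at sign-up to reject the password patterns described above. The word list is a constructed sample, and the character-substitution table is an assumption that goes beyond the appended-digit case mentioned in the text.

```python
import re

# Constructed sample word list. A real check would load a large dictionary
# plus names (pets, family members, the site itself) relevant to the user.
WORDS = {"fido", "tyler", "password", "amazon", "dragon", "monkey", "letmein"}

# Assumed table of common character substitutions to undo before the lookup.
LEET = str.maketrans({"4": "a", "@": "a", "0": "o", "3": "e",
                      "1": "i", "$": "s", "5": "s", "7": "t"})


def weaknesses(password):
    """Return the reasons a dictionary attack would be likely to guess this password."""
    reasons = []

    # The post's threshold: 7 characters or fewer counts as short.
    if len(password) <= 7:
        reasons.append("short")

    # Case alone adds little: a word list is normally tried in several casings.
    lowered = password.lower()
    # Remove digits and symbols attached to the front or back of the word.
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)

    if lowered in WORDS:
        reasons.append("dictionary word")
    elif stripped in WORDS:
        reasons.append("dictionary word plus digits or symbols")
    elif stripped.translate(LEET) in WORDS:
        reasons.append("dictionary word with character substitutions")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, including the two from the post.
    for pw in ("fido1", "Tyler2009", "Monkey", "P4ssw0rd", "Amm4z0n$$"):
        print(f"{pw!r}: {weaknesses(pw) or 'no simple dictionary pattern found'}")
```

An empty result only means none of these simple patterns matched the sample list; it is not a measure of overall password strength.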
Here are some other fairly obvious online shopping best practices:
- Never give your password or login to anyone.
- Never cache or ask the website to remember your password and login.
- Try to never allow the website to save your credit card information.
- If you don't shop there frequently, use a guest account if offered instead of signing up.
- And the number one most important item: Make sure that the website is secure, that is, your URL in the browser address bar should say https://. The s is the important part: s = secure. Also, there should be a little eyeball in the bottom bar of your Internet Explorer. An eyeball with a red circle and cross line in it means unsecure.
More in the next blog....