Tweet
Although it is decidedly old school, guessing passwords manually can potentially yield results, especially in an environment where good password practices are not followed.
An attacker may target a system by doing the following
Of course this process can be automated through the use of scripts created by the attacker, but it still qualifies as a manual attack.
This type of attack becomes more valid if it is possible to get personal information from the target. Information about family names, pet names, kids birthdays etc. might help and this kind of information is likely already available on social media. A bold attacker might just ask the victim about this kind of information and as this seems like small-talk it will likely not even sound any alarm bells.
An attacker may target a system by doing the following
- Locate a valid user
- Determine a list of potential passwords
- Rank possible passwords from least to most likely
- Try passwords until access is gained or the options are exhausted
Of course this process can be automated through the use of scripts created by the attacker, but it still qualifies as a manual attack.
This type of attack becomes more valid if it is possible to get personal information from the target. Information about family names, pet names, kids birthdays etc. might help and this kind of information is likely already available on social media. A bold attacker might just ask the victim about this kind of information and as this seems like small-talk it will likely not even sound any alarm bells.