The University of Waikato - Te Whare Wānanga o Waikato
ICT Self Help
Home Waikato Home  >  ICT Self Help  >  Information Security Awareness  >  Ways in which passwords are vulnerable Staff + Students Login |  - Logout

Ways in which passwords are vulnerable

  • Many people do not change the default password that comes with computer hardware such as wireless routers and access points, mobile phones and applications. Lists of default passwords are freely available on the Internet and are largely the first passwords tried by automated systems or motivated individuals.
  • A password may be guessable if someone chooses a piece of personal information as his or her password. Such items include a student ID number, boyfriend or girlfriend's name, birth date, telephone number, or license plate number. Personal data is now available from various sources, many online, and can often be obtained by someone using social engineering techniques such as posing as an opinion surveyor or simply viewing your public social media accounts.
  • A password is vulnerable if it can be found in a list of commonly chosen passwords. Dictionaries, often in computer-readable form, are available for many languages, and lists of passwords are easy to get a hold of. In tests on live systems, dictionary attacks are so routinely successful that software implementing this kind of attack is readily available.
  • A password that is too short, perhaps chosen for ease of typing, is vulnerable if an attacker can obtain the cryptographic hash (mathematical function which maps values from a large domain into a smaller range) of the password. For example, computers are now fast enough to try all alphabetic passwords shorter than seven characters.
<< How passwords are cracked  |  Tips for making your password stronger >>

How To Guides

Your step by step guide to various ICT services.

Help & FAQ's

View FAQs on our available topics.

Policy & Standards

View documented policies & procedures.

ICT Glossary

Site Map