Stages of checking password crackability
- Check if password is empty.
- Check if password is equal to the username.
- For system (or application) provided accounts, use Google to find the default passwords provided by manufacturers, and test them against these accounts on your system(s).
- Check if password is in the custom-assembled corporate dictionary.
- Check if password is in the selected language’s dictionary. (see: https://eikonal.wordpress.com/2010/03/29/default-passwords/)
- Check if password is a dictionary word + one digit.
- Check if password is a l33tized word.
- Check if password is a concatenation of multiple words.
- Check in the database of precomputed password hashes.
- Desperate measure: brute force cracking.
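
The stages up to word concatenation can be run as a check when a password is set, reporting the earliest stage at which the candidate would fall. This is an added example, not part of the original post. The word lists, the leet substitution table, the case-insensitive matching and the function names are assumptions made for illustration; the hash-database and brute-force stages are left out.

```python
# Constructed sample lists; a real audit loads full lists from files.
DEFAULTS = {"admin", "changeme", "password"}      # vendor default passwords
CORPORATE = {"acme", "widget", "rocket"}          # corporate dictionary
LANGUAGE = {"horse", "battery", "staple", "correct", "summer"}
# Assumed leet substitutions: 0->o 1->l 3->e 4->a 5->s 7->t @->a $->s !->i
LEET = str.maketrans("013457@$!", "oleastasi")


def is_concatenation(pw, words):
    """True if pw splits completely into two or more dictionary words."""
    n = len(pw)
    reach = [True] + [False] * n   # reach[i]: pw[:i] is a sequence of words
    for i in range(1, n + 1):
        # (0, n) is the whole string as one word, which is not a concatenation
        reach[i] = any(reach[j] and pw[j:i] in words
                       for j in range(i) if (j, i) != (0, n))
    return n > 0 and reach[n]


def first_weak_stage(username, password):
    """Return the first stage that matches the password, or None."""
    pw = password.lower()          # assumption: compare case-insensitively
    words = CORPORATE | LANGUAGE
    if password == "":
        return "empty"
    if pw == username.lower():
        return "equals-username"
    if pw in DEFAULTS:
        return "vendor-default"
    if pw in CORPORATE:
        return "corporate-dictionary"
    if pw in LANGUAGE:
        return "language-dictionary"
    if pw[-1].isdigit() and pw[:-1] in words:
        return "word-plus-digit"
    if pw.translate(LEET) in words:
        return "leet"
    if is_concatenation(pw, words):
        return "concatenation"
    return None
```

A result of None only means the cheap stages did not match; it says nothing about the precomputed-hash or brute-force stages.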