What is a Dictionary Attack?

A dictionary attack is an attack on passwords that uses common words or phrases found in dictionaries to compromise user credentials. If you're someone who uses dictionary words or common phrases as passwords, you're at risk of becoming a victim of a dictionary attack.

Get Protected Now

How Does a Dictionary Attack Work?

During a dictionary attack, the cybercriminal will use a wordlist to try to crack a password using commonly used words, phrases and passwords. Commonly used passwords include passwords such as “123456”, “password” and “qwerty.” People use these passwords because they're easier to remember than using passwords that are long and complex, but doing so makes it easy for cybercriminals to crack them.

Cybercriminals will use programs that input the words off their wordlist so the process for them is not only easy, but quick. These programs can be designed to capitalize the first letter of a password, add numbers and substitute letters for numbers or symbols. This means that even a password such as “P@ssword” can be cracked using a dictionary attack.

Brute-Force vs. Dictionary Attack: What's the Difference?

A dictionary attack is a type of brute-force attack. What makes brute-force attacks different from dictionary attacks is that a brute-force attack will use a tool that tries every combination of letters, numbers and symbols until they successfully crack it. This can take seconds, days, months or even years, depending on the complexity and length of the password.

While every password is vulnerable to a brute-force attack, the same does not go for dictionary attacks. Dictionary attacks only attempt to crack passwords based on wordlists and don't try every possible combination of characters.

How Effective Are Dictionary Attacks?

The effectiveness of dictionary attacks varies. Since many people still reuse passwords and don't change them when they're a part of a breach, dictionary attacks are becoming more effective. This is because when a new breach happens, credentials are added to a database. When this database is updated, so is a cybercriminals' wordlist with common passwords – making it easier for the programs they use to successfully crack your passwords.

If you're someone who uses dictionary words or phrases in their passwords, dictionary attacks can be extremely effective at compromising your accounts.

How to Protect Yourself Against Dictionary Attacks

Follow our tips to help protect yourself from dictionary attacks.

Always use password best practices

When creating passwords you should always follow password best practices which include:

Not using personal information (e.g. addresses, names)
Not using dictionary words, common phrases, sports teams, restaurants, celebrities, etc.
Not reusing passwords across multiple accounts
Creating passwords that are at least 12 characters long
Using a combination of upper and lower case letters, numbers and symbols

To make sure you're always following password best practices, it’s best to use a random password generator to help you create them. Since passwords created with a password generator are complex, it can be hard to remember them all yourself, which is where a password manager can help.

Use a password manager

Using a password manager to securely store your passwords removes the burden of having to remember them yourself. The only password you’ll have to remember is your master password which acts as the key to enter your password vault. What makes password managers handy is that they’ll also generate passwords for you. Once the password is generated and saved in a record, your password manager will autofill your credentials when it detects the website or app from your saved record.

With a password manager, you’ll never have to worry about being a victim of a dictionary attack since each password that is generated is strong, unique and doesn’t use any dictionary words or phrases. Keeper Password Manager offers a free 30-day trial so you can start securing your accounts today.

Enable 2FA and MFA on your accounts

Two-Factor Authentication (2FA) is oftentimes overlooked because of the additional step it adds to log into your accounts. 2FA is vital to keeping your accounts secure because it adds an extra layer of security by requiring you to verify your identity using additional authentication methods such as:

Email and text codes
Authenticator apps
Biometric authentication (e.g. Face ID)
Physical security keys
Security questions

If a cybercriminal were to successfully crack your password using a dictionary attack, but your account had 2FA enabled, the bad actor would still have to verify your identity.

To add even more layers of security, you can enable Multi-Factor Authentication (MFA), which adds two or more additional authentication methods before you can successfully log in to your accounts.

Change your passwords after a breach

Companies you have accounts with may experience a data breach, and when they do, it’s critical you change your password for that account immediately.

As an extra precaution, you can change the passwords for all your accounts. While this can be a lengthy task, a password manager like Keeper can aid you in changing your passwords quickly.

Stay Protected From Dictionary Attacks With Keeper

Don’t fall victim to dictionary attacks due to poor password habits – start your free trial of Keeper Password Manager today and start securing your accounts from common password attacks.

Always use password best practices

Use a password manager

Enable 2FA and MFA on your accounts

Change your passwords after a breach

Business and Enterprise

Public Sector and FedRAMP

MSPs

Personal and Family

Personal and Family

Business and Enterprise