Skip to content

4. Launch a Dictionary Attack on Yourself

Playback Speed:
Transcript

In the previous videos, you created numerous variations on common words.

Now, you will see how hackers attack your passwords in a dictionary attack.

In your Dictionary Attack spreadsheet, return to the tab with your ten fake passwords.

Select the cells in column B, and insert checkboxes.

You will use them later to note whether your fake passwords were guessed in your dictionary attack.

Now, copy the first password in your list.

Return to the 5,000 word list sheet, and open the find and replace tool.

Paste your password in the find field.

Then, select the options to make sure your results: are from the dictionary attack word list sheet, and match your password exactly.

Then, click find.

If the password appears in the spreadsheet, it would have been guessed in the dictionary attack.

Check the box next to the first password if it would have been guessed in a dictionary attack.

If not, leave it blank.

Now, repeat the process for your second password.

Copy it, then use the find and replace tool in the word list spreadsheet to search for it.

Select the same options.

If the password appeared in the search, check the box in column B.

If not, leave it unchecked.

Now, search for your third password.

In this example, the word is in the spreadsheet, but it is lower-case.

It may not be an exact match, but the programs hackers use automatically vary words by making the first letters upper-case.

This word would have been guessed in a dictionary attack.

Continue the process until you have searched for all ten of your passwords.

How many of the passwords you created for this lesson would be guessed in a dictionary attack?

How many would be guessed if a hacker was using a list of ten thousand words -- or a list of thousands of popular first and last names, street names, or cities and towns?

And what if a computer program automatically added hundreds of possible variations to these words?

Just because a password wasn’t guessed in this attack does not mean it’s secure.

Move on to the next video to create passwords that hackers are very unlikely to guess.

Now, it’s your turn: Use the find and replace tool to search for each password, Search in the word list sheet, and match the passwords exactly, Insert checkboxes next to your passwords, And check the boxes for each password that was guessed in this pretend dictionary attack.

Next
Instructions
  1. Use the “find and replace” tool to search for each password.
  2. Search in the word list sheet, and match the passwords exactly.
  3. Insert checkboxes next to your passwords.
  4. Check the boxes for each password that was guessed in this pretend dictionary attack.