Passwords can be captured three basic ways; 1). A password holder can be tricked into disclosing their password to an unauthorized party (ie; phishing), 2). A password can be stolen without the password holder's knowledge (ie; spyware installed on the user's device), and 3). A password can be recovered from a password's hash signature using cryptanalysis, such as the brute force attack described on page one.
The method of attack will depend whether the attack is directed toward a specific individual or entity, done in bulk, conducted online or off and how much time and resources are available to the adversary. Understanding these basic approaches will help develop strategies to protect one's confidential data.
Individually Targeted Attack
If an individual is targeted specifically the adversary is likely to first attempt to insert malware on the targeted individual's device. The objective is capture the password in plaintext and circumvent the need to use time consuming computational methods to "capture" the password. This is the role of malware and spyware. Malware can be delivered a number of ways including over the Internet, by email, drive-by-downloads, locally infected PCs, portable storage devices and other peripherals. In a proactive targeted attack adversaries often begins by gaining information about the individual, usually from social media sites or other sources that allow the adversary to craft a message appearing to be from a trusted source that either contains the spyware or directs the target to web resource with the spyware. Once the target opens the email or visits the contaminated site and the spyware is in place the spyware waits until the user enters the password. The plaintext password is then stolen and forwarded to the adversary. Keystroke logging and screen capture spyware is especially dangerous because it can capture any passwords entered on the device including passwords for online accounts, protected network resources or local file & disk encryption solutions.
And if the adversary is able to obtain one's plaintext password, password strength is irrelevant. This is why adversaries will likely make an attempt to capture the passwords this way before using other methods. The importance of device security to password security cannot be overstated.
In addition to attack by spyware, a malware contaminated device can launch MITM (Man-In-The-Middle) or MITB (Man-In-The-Browser) attacks by redirecting one's browser from a site they requested to an alternate page designed to masquerade as the desired page. The user, not suspecting anything unusual enters their password into the fake login site and the adversary gets the plaintext password and access to the account. The adversary can simultaneously authenticate the user to the real site so that the account holder is unaware anything is unusual.
The best defense to attack by malware of all forms is to protect the integrity of the user's device and for the device to have a trusted and verified "safe" state for each use.
If the adversary is persistent and cannot remotely install spyware-malware they may arrange to physically install spyware or surveillance equipment on or near the target's device. Threats of this kind require a comprehensive security plan including physical security, RF shielding, personnel security and strict control over one's supply chain.
Bulk Password Attack
The type of attack most people will encounter are those occuring when password data is stolen in bulk from an organization's data center. This type of data theft is frequent and can easily involve the passwords of hundreds of millions of individuals or more in a single incident. Collectively the number of people affected by bulk password theft can be in the billions.
The Relationship Between Password Storage & Vulnerability
When IT managers configure systems for password storage they make implementation choices that greatly affects the ability of those systems to protect the passwords against attack. Industry best-practices call for the passwords to be hashed and for only the hash signature to be stored, as opposed to the plaintext password.
A hash is a mathematical function that transforms the plaintext password into an unrecognizeable digital signature. The hash algorithm is designed to be one-way. That is, inputting the password into the hash produces the digital signature, but attempting to derive the password from its signature is so computationally difficult as to be intractable. So in practice what is stored in the device or the authentication server is not the actual password but the password's corresponding digital signature. IT managers can further protect password data via the use of a salt, which is also among the best-practice . A salt is additional information appended to the hash signature to increase the total entropy of the stored data. The use of judiciously selected hash algorithms and salts can slow or deter offline attacks by greatly increasing the computational challenge to the adversary.
The challenge for password creators is that they have no control of the method used to store the passwords they've created and the analysis of security breaches show that too many IT administrators fail to follow industry best-practices or even simple protection methods when designing their security systems. The advice for password holders is to use the strongest passwords they can because protective measures available to IT staff at the remote site may be minimal or poorly implemented. In that event the best defense is the strength of their password alone. This is because once an adversary has captured the password hash signatures and possibly associated salts, they have so many ways to conduct an attack offline, as shown below:
Pre-Calculated Hash Lists (Rainbow Tables)
The existence of hash tables are well documented. One point of debate is how large of a password the tables have already been generated. Earlier reports refer to tables covering passwords of 8 characters. Today, this could be much higher. Given the vast amount of computing power available today it would be within reason to believe that the hash signatures of every possible password of up to 12 lower-case English letters, numerals and special characters (ie; 91.8 bits of entropy) are already in the hands of potential attackers and that passwords with this level of entropy or less could be captured with minimal effort.
In one reported case of a friendly attack on one million hashed passwords, roughly 60% of them were defeated near instantly using this approach.
Dictionary Words & Phrases
Immediately after rainbow tables have used to capture passwords, another pass will be made examining hashes of words, phrases and phrase derivatives. While making a password longer (ie; greater than 12 characters) using a phrase helps to avoid the password being defeated with rainbow tables a password made from dictionary words reduces randomness and makes the characters predictable.
For instance, the password "youwillnevergetmysecret" is potentially easier to capture than the password "GsRWQ4HEB3k9oYCp3S" even though the first password has 23 characters and the second has only 18. Dictionary words and the rules of grammar also helps the attacker focus on likely word combinations and the tools available allow them to quickly test alternate spellings and punctutation such as "YouwilLneveRgEtmySecret".
Previously Used Passwords
Like rainbow tables, list of previously used passwords are available. Lists of passwords reveal common patterns people use to construct their passwords and rules can be made to automate an attack exploiting these patterns.
One can make an especially long password constructed from text found in books, movies, songs, etc but password attackers have already digested much of the world's published digital material and can test hashes of millions of popular quotes and phrases too.
Whenever an attacker has an opportunity to capture a plaintext password instead of the password's hashed signature it will be done. This method generally produces the fastest results. Alternatively if the adversary gets a copy of the password's hashed signature there are a range of tools they can employ to limit the range of guesses, and time, needed to capture a password. As reported, many weaker passwords will be quickly revealed with rainbow tables alone. When rainbow tables have been exhausted methods that apply patterns of language, grammar and human behavior will be applied.
If all the attack strategies above fail the attacker still has tools in their arsenal and can employ the computationally intensive brute force method described on this site's main page. Because that method is deterministic we can estimate Maximum-Time-To-Defeat. From the perspective of the password holder the MTTD represents their best case scenario, because the attack strategies that capture the plaintext password or offline attacks described above can reveal a password much faster than brute force and they will almost always be done first.