This attack method has been around for years and can also be used to find the key needed to decrypt encrypted files. The "dictionary" is not limited to words from an actual dictionary and their derivatives (such as characters swapped for other alphanumeric or non-alphanumeric characters); it can also be a collection of previously leaked passwords or key phrases.
How to prevent a dictionary attack?
The length of the password is an effective defence against brute-force attacks. The best strategy for creating a long password that is also memorable is to make it a passphrase. A passphrase is a sentence or phrase, with or without spaces, typically more than 20 characters long.
The words making up a passphrase should be meaningless together to make them less susceptible to social engineering. But a passphrase is only a good choice when it doesn’t appear on a list of leaked passwords.
Blacklisting these leaked passwords is an effective way to protect your organisation from falling victim to a password dictionary attack. HaveIBeenPwned, a very popular cyber security website, holds one of the largest collections of leaked passwords; you can search it to see whether your own credentials have ever been leaked.
Another critical measure to prevent a dictionary attack is to stop password reuse between different password-protected systems. User training can help educate users on the importance of not reusing passwords. However, the only way to remove this possibility is to blacklist leaked passwords at password creation.
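As an added example (not code from the article), the blacklist-at-creation check described above in Python: a candidate password must meet the passphrase length guidance and must not hash to an entry in a leaked-password list. The list is indexed the way HaveIBeenPwned's Pwned Passwords range lookup exposes it (upper-case SHA-1, a 5-character prefix, then `SUFFIX:COUNT` lines); the leak list used here is a constructed stand-in and no network call is made.

```python
"""Leaked-password blacklist enforced at password creation (added example)."""
import hashlib
from typing import Dict, Optional

MIN_PASSPHRASE_LEN = 20  # the article's passphrase guidance

# Constructed stand-in for a leaked-password corpus: password -> times seen.
CONSTRUCTED_LEAKS: Dict[str, int] = {
    "password": 3_000_000,
    "correct horse battery staple": 120,  # long passphrase, but well known
    "P@ssw0rd!": 50_000,                  # character-substitution derivative
}


def sha1_upper(password: str) -> str:
    """Upper-case SHA-1 hex digest, the form Pwned-Passwords-style lists use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(leaks: Dict[str, int]) -> Dict[str, Dict[str, int]]:
    """Index leaks as a k-anonymity range service serves them:
    5-char hash prefix -> {35-char hash suffix: count}."""
    index: Dict[str, Dict[str, int]] = {}
    for pw, count in leaks.items():
        digest = sha1_upper(pw)
        index.setdefault(digest[:5], {})[digest[5:]] = count
    return index


def parse_range_response(text: str) -> Dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines (one per line) into {suffix: count}.
    Feeding a real range-lookup response here is an assumption of the example."""
    out: Dict[str, int] = {}
    for line in text.splitlines():
        if ":" in line:
            suffix, count = line.strip().split(":", 1)
            out[suffix.upper()] = int(count)
    return out


def leaked_count(password: str, index: Dict[str, Dict[str, int]]) -> int:
    """How many times the password appears in the indexed leak list (0 if never)."""
    digest = sha1_upper(password)
    return index.get(digest[:5], {}).get(digest[5:], 0)


def validate_new_password(password: str, index: Dict[str, Dict[str, int]]) -> Optional[str]:
    """Return None if the candidate passes, otherwise the rejection reason."""
    if len(password) < MIN_PASSPHRASE_LEN:
        return f"too short: {len(password)} < {MIN_PASSPHRASE_LEN} characters"
    count = leaked_count(password, index)
    if count:
        return f"rejected: appears in leaked-password list {count} times"
    return None
```

A long passphrase that is itself on a leak list is rejected just like a short password, which is the article's point about blacklisting at creation time.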