What is a dictionary attack? And how you can easily stop them

A targeted form of brute-force attack, dictionary attacks run through lists of common words, phrases, and leaked passwords to gain access to accounts.


Dictionary attack definition

A dictionary attack is a brute-force technique in which attackers try a list of common words and phrases, such as those found in a dictionary, to guess passwords. Because people often choose simple, easy-to-remember passwords and reuse them across multiple accounts, dictionary attacks can succeed while requiring far fewer resources than exhaustive guessing.

“A dictionary attack is a type of brute-force attack, but it uses a predefined list of passwords that would have a higher probability of success,” says Deral Heiland, IoT research lead, Rapid7. “This dictionary list could contain things such as regional sports team names, team member names, names related to the organization being attacked, commonly used passwords often containing ‘spring,’ ‘summer,’ ‘winter’ and ‘autumn’ and variations of all those modified to meet password requirements.”

What’s the difference between dictionary and brute-force attacks?

Where traditional brute-force attacks try every possible combination systematically to break through authentication controls, dictionary attacks use a large but limited set of pre-selected words and phrases. Not going through every possible combination reduces the likelihood that a difficult password will be guessed correctly, but a dictionary attack requires less time and fewer resources to execute.
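The defensive counterpart of the dictionary Heiland describes is a password-acceptance check that refuses any candidate that is a denylisted word or a simple variation of one (seasonal words with a year appended, leet substitutions, an organisation or team name with digits after it). The following is an added example and not code from the original article or from Rapid7; the denylist, the leet mapping and the "acmecorp" and "tigers" entries are constructed for illustration, and a real deployment would load a large list of leaked and common passwords instead.

```python
import re

# Constructed sample denylist for this example: the kind of words an attacker's
# dictionary contains. Production code would load a large leaked-password list
# plus organisation-specific terms; the two names below are made up.
DENYLIST = {
    "password", "welcome", "letmein", "qwerty", "123456",
    "spring", "summer", "winter", "autumn",
    "acmecorp",   # hypothetical organisation name
    "tigers",     # hypothetical regional sports team
}

# Character substitutions commonly used to make a dictionary word
# "compliant" with complexity rules.
LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})


def base_word(candidate: str) -> str:
    """Undo the usual mangling (case, prepended/appended digits and symbols,
    leet) so the candidate can be compared with the plain dictionary word it
    was built from. Deliberately simple: it targets the common patterns only."""
    s = candidate.lower()
    # Drop a leading run of digits ("2024summer") and a trailing run of
    # digits/punctuation ("summer2024!", "tigers#2023").
    s = re.sub(r"^\d+", "", s)
    s = re.sub(r"[^a-z]+$", "", s)
    # Undo leet substitutions inside what remains ("p@ssw0rd" -> "password").
    s = s.translate(LEET)
    # Remove any leftover non-letters such as "-" or "_" separators.
    return re.sub(r"[^a-z]", "", s)


def is_dictionary_variant(candidate: str, denylist: set[str] = DENYLIST) -> bool:
    """True if the candidate is a denylisted word or a simple variation of one."""
    return candidate.lower() in denylist or base_word(candidate) in denylist


def evaluate(candidate: str, denylist: set[str] = DENYLIST) -> tuple[bool, str]:
    """Return (accepted, reason) for use in a registration or reset flow."""
    if candidate.lower() in denylist:
        return False, f"'{candidate.lower()}' is a common password"
    base = base_word(candidate)
    if base in denylist:
        return False, f"variation of dictionary word '{base}'"
    return True, "ok"


if __name__ == "__main__":
    # Constructed candidates: each of the first three would satisfy a typical
    # "upper, lower, digit, symbol" rule yet is a one-step dictionary variant.
    for pw in ["Summer2024!", "P@ssw0rd1", "Tigers#2023",
               "correct horse battery staple"]:
        accepted, reason = evaluate(pw)
        print(f"{pw!r:32} -> {'accept' if accepted else 'REJECT'}: {reason}")
```

Note that complexity rules alone do not defeat this: every rejected candidate above contains mixed case, digits and a symbol. Checking the normalised base word against a denylist is what catches the variation, which is why current guidance favours screening against known-compromised lists over composition rules.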

