what is a dictionary attack

Dictionary attacks are a common method hackers use to try to crack passwords and break into online accounts. 

While these attacks may be effective against people with poor account security, it’s extremely easy to protect yourself against them by using strong passwords and two-factor authentication. This article explains how dictionary attacks work and how to prevent them. 

Dictionary attack definition

A dictionary attack is a type of brute force attack where an attacker uses a program to try and guess your password by testing a huge selection of words and phrases, one by one. The dictionary in the term is literal; the attacker is going through all the words in the dictionary, as well as commonly used passwords or password structures (like names and dates).

This means that if you protected your account with password123 or something along those lines, chances are an attacker has put it in their dictionary. Same goes for passwords leaked in a breach, as many people reuse their passwords multiple times, whether because of password fatigue or simply a lack of awareness.

Many people try to improve their password security by using numbers or symbols in place of letters, so P@55word or something along those lines. However, attackers have figured out this tactic and will substitute capital letters, numbers, and symbols in commonly used phrases.

One example of a successful dictionary attack was the 2012 Dropbox security incident, in which an attacker got hold of a Dropbox employee’s password, added that to their dictionary, and then was able to access Dropbox’s systems. As many as 68 million users’ credentials were leaked in this attack, making it one of the worst in cloud history.

Protecting against dictionary attacks

As serious as dictionary attacks can be, they’re one of the easiest attacks to avoid. First of all, online services have some responsibility here, as they should have systems in place that lock out a user making multiple access attempts. As dictionary attacks require a lot of attempts, this is a good way to thwart them.

But you can make a successful dictionary attack virtually impossible by creating strong passwords for all your accounts (and make sure each password is unique for good measure). Any password you use more than once leaves you open to attack, as that Dropbox employee found out.

To create a strong password, you need two things: the password needs to be at least 16 characters long and random. Random means exactly that, too; you can’t use a regular word and then substitute letters with numbers. Attackers are wise to that and get around this with ease.

To create random passwords, you should use a password generator, which will do a better job than any human can. Of course, there remains the issue of remembering this random password. This is where password managers come in.

How Proton can help fight dictionary attacks

A password manager is a program that generates, stores, and autofills your passwords as you browse the web. They’re the only viable way to maintain the use of random passwords. They’re also a massive upgrade to your online quality of life, as autofilling passwords with one click is wonderful if you’ve previously typed out your passwords.

However, at Proton we felt that most password managers on the market left a lot to be desired, which is why we developed Proton Pass. It offers the baseline features like generating and saving passwords, but then goes a lot further.

For one, Proton Pass offers end-to-end encryption, which encrypts your passwords at all times. Even if your traffic to our servers was somehow intercepted, the attackers would only get away with encrypted data, nothing they can use.

We also offer Pass Monitor, a tool that lets you track which of your passwords are weak, and thus more susceptible to a dictionary attack. It also alerts you when any of your email addresses have been exposed in a data breach, giving you the ability to change your password before an attack is carried out.

When you use Proton Pass to generate a password, you also have a lot more options that improve password entropy, or how random it is. Also, you can choose between strong, random passwords or long passphrases, which are a lot easier to remember, perfect for securing access to your password manager.

We also offer passkeys, a state-of-the-art technology that allows for passwordless authentication, thereby making you immune to dictionary attacks. Few password managers offer this functionality, and none are as flexible as Proton Pass, letting you use passkeys on any system that supports them.

We can offer these advanced features, and more, because we are entirely funded by subscriptions — no venture capital, no advertisers — and thus rely on you to keep us in business. As a result, we’ll always put you, our community, first. If that sounds like something you’d like to be a part of, join Proton Pass today.

Protect your passwords
Create a free account

Related articles

Google is one of the biggest obstacles to privacy. The Big Tech giant may offer quick access to information online, but it also controls vast amounts of your personal or business data. Recently, more people are becoming aware of the actual price you
What to do if someone steals your Social Security number
If you’re a United States citizen or permanent resident, you have a Social Security number (SSN). This number is the linchpin of much of your existence, linked to everything from your tax records to your credit cards. Theft is a massive problem, whic
compromised passwords
Compromised passwords are a common issue and probably one of the biggest cybersecurity threats for regular people. How do passwords get compromised, and is there anything you can do to prevent it? * What does compromised password mean? * How do pa
Is WeTransfer safe?
  • Privacy basics
WeTransfer is a popular service used by millions worldwide to send large files. You may have wondered if it’s safe or whether you should use it to share sensitive files. We answer these questions below and present a WeTransfer alternative that may su
Data breaches are increasingly common. Whenever you sign up for an online service, you provide it with personal information that’s valuable to hackers, such as email addresses, passwords, phone numbers, and more. Unfortunately, many online services f
Secure, seamless communication is the foundation of every business. As more organizations secure their data with Proton, we’ve dramatically expanded our ecosystem with new products and services, from our password manager to Dark Web Monitoring for cr