Setting up a program that tries many candidate passwords against one or more accounts is one of the simplest attacks there is, yet it remains one of the most effective. It works because users underestimate the tools: rather than guessing blindly, cracking programs draw on large dictionaries of words and mangle each entry with predictable rules, appending digits such as 1, replacing letters with look-alike numbers and symbols, and reversing the word. When the hardware is fast enough, some attackers will simply try every string of one to six lower-case letters, which is only about 320 million candidates in total. A user can dramatically improve the odds against password theft by choosing a password that is both long and drawn from a larger keyspace: capitals, numbers and symbols as well as lower-case letters. Linux can be configured to require this kind of password strength.
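The following is an added example, not code from the original text: it shows how a small rule set expands a dictionary word into the "clever" variants users believe are safe, how the keyspace grows with length and character set, and a strength check of the kind a Linux password policy enforces. It goes one step beyond the paragraph by also rejecting any password the mangler itself would produce. The wordlist, substitution table, suffix list, guess rate and policy thresholds (12 characters, three character classes) are all constructed assumptions, not taken from any particular cracking tool or PAM module.

```python
"""Added example: dictionary mangling, keyspace size and a strength check.

The wordlist, mangling rules, guess rate and policy thresholds below are
constructed for illustration; they are not taken from any specific tool."""
import string

# Constructed stand-in for a cracking dictionary (real ones hold millions of words).
WORDLIST = ["password", "letmein", "dragon", "monkey", "administrator"]

# Letter -> look-alike digit/symbol substitutions (a deliberately small table).
LEET = {"a": "@", "e": "3", "i": "1", "o": "0"}

# Suffixes commonly tacked onto a base word.
SUFFIXES = [str(n) for n in range(10)] + ["!", "1!", "123"]


def leet(word):
    """Replace letters with look-alike characters per the LEET table."""
    return "".join(LEET.get(c, c) for c in word)


def mangle(word):
    """Return every candidate the rule set derives from one dictionary word:
    case variants, the reversed word, leetspeak forms, and appended suffixes."""
    bases = {word, word.capitalize(), word.upper(), word[::-1]}
    bases |= {leet(b) for b in list(bases)}
    out = set(bases)
    for base in bases:
        for suffix in SUFFIXES:
            out.add(base + suffix)
    return out


def candidates(wordlist):
    """Union of all mangled forms of every word in the list."""
    out = set()
    for word in wordlist:
        out |= mangle(word)
    return out


def keyspace(length, alphabet_size):
    """Number of strings of exactly `length` symbols over an alphabet."""
    return alphabet_size ** length


def seconds_to_exhaust(length, alphabet_size, guesses_per_second):
    """Worst-case time to try the whole keyspace at a given guess rate."""
    return keyspace(length, alphabet_size) / guesses_per_second


def meets_complexity(pw, minlen=12, min_classes=3):
    """Minimum length plus a count of character classes present
    (lower, upper, digit, symbol). Thresholds are assumptions."""
    classes = sum((
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ))
    return len(pw) >= minlen and classes >= min_classes


def is_acceptable(pw, mangled_dictionary):
    """Complexity rule plus rejection of anything the mangler would guess."""
    return meets_complexity(pw) and pw not in mangled_dictionary


if __name__ == "__main__":
    cands = candidates(WORDLIST)
    print(f"{len(cands)} candidates from {len(WORDLIST)} words")
    for pw in ["P@ssw0rd1", "drowssap", "Adm1n1str@t0r!", "correct-Horse-7-battery"]:
        print(pw, "guessable:", pw in cands,
              "complexity:", meets_complexity(pw),
              "acceptable:", is_acceptable(pw, cands))
    # 1e9 guesses/s is a constructed rate standing in for a fast offline attack.
    for length, alpha in [(6, 26), (8, 26), (8, 94), (12, 94)]:
        secs = seconds_to_exhaust(length, alpha, 1e9)
        print(f"length {length}, alphabet {alpha}: {secs:.3g} s to exhaust")
```

Note that `Adm1n1str@t0r!` passes the length and character-class rule yet is still produced by the mangler, which is why a dictionary check belongs alongside the complexity requirement.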