Password cracking is a general term describing a group of techniques that are used to obtain the password to a data system. Password cracking specifically refers to processes by which one obtains a password from existing data; simply tricking an individual into giving up a password, as through phishing, is not considered to be password cracking. Guessing a password based on pre-existing knowledge of the computer system's owner, however, is considered cracking, as the password is not known in advance. Most methods of obtaining passwords, however, involve repeated guessing or exploiting security weaknesses in the computer system.
There are several different methods of guessing an individual's password. One can, for example, use knowledge of the person whose system he is attempting to crack to predict possible passwords. The names of loved ones or pets, significant dates, phone numbers, significant places, and common usernames are all notorious, easily guessable passwords.
Another method of guess-based password cracking is known as a dictionary attack. Many people use passwords that can be found in a dictionary or words followed by a single number. Many cracking programs categorically attempt to enter dictionary words and number combinations in order to crack a password. Dictionary attacks are generally useless against complex passwords, but they tend to be highly effective against any single-word password.
A brute-force attack is another method of password cracking that is significantly more powerful than a dictionary attack. A brute-force attack program will try every possible character combination until it sets upon the proper password. This is highly time consuming as there are countless possible letter, number, and symbol combinations than an individual could use for a password. As computer processors become more and more powerful, though, it is an increasingly plausible method of password cracking.
Other methods of password cracking involve cracking the computer system's cryptographic hash function. A cryptographic hash function is a procedure that converts a password to a uniformly sized bit string. If the hash can be cracked, it may be possible to reverse-engineer the password. Most hash functions, however, are highly complex and cannot be cracked without significant time and effort.
While a skilled computer security expert can crack many varieties of passwords, there are steps that one can take to avoid password cracking attempts. Complex passwords are always better than simple ones. Passwords that use uppercase and lowercase letters, numbers, and symbols are much harder to crack than passwords using only one or two of those options. A brute force attack would need to work through many more possibilities before it could come upon the correct password.