A dictionary attack is a method used to break into a password protected system. In contrast to brute-force attacks, which try all possible combinations of characters, a dictionary attack concentrates on trying to guess passwords by using words (or even alternatives such as names and place names), or variants of them, to find the password in question. More advanced dictionary attack programs can also use common character replacements (such as the character 1 in place of an i), which allows them to anticipate such attempts to create stronger passwords using more character sets. Advanced pre-defined dictionaries are also likely to include the most commonly used password combinations, which may or may not be comparable to regular words or names.

Dictonary attacks work because people are much more likely to use words in their passwords than using a meaningless combination of characters, which are much harder to remember. One way to defeat possible dictionary attacks is to use a passphrase such as the Diceware method, or to remember a set of meaningless characters more easily by using the Schneier method.


Last updated: 30 October 2017