Skip to main content

1.2 Suspicious Wi-Fi Login

Topic 1.2: Suspicious Wi-Fi Login

An online password attack is a method used by adversaries to gain unauthorized access to a device or an online service by repeatedly attempting to log in. These attempts may involve using lists of common passwords, password patterns, or credentials that have been stolen from other data breaches. Because these attacks occur against a live login portal, they can often be detected by monitoring login activity.

Several signs can indicate that an online password attack is underway. A primary indicator is a high number of failed login attempts occurring over a very short period. For example, dozens of failed attempts for a single account within a few minutes is highly abnormal for a legitimate user. Another sign is login attempts that occur at unusual times, such as the middle of the night, when the actual user is unlikely to be active. Similarly, login attempts originating from unknown devices or unfamiliar geographic locations can also signal a potential attack. Monitoring systems can flag these anomalies and alert security personnel or the account owner.

Adversaries are often successful because they exploit the common habits people have when creating passwords, which leads to weak authentication. Many individuals use predictable patterns, such as combining a common word with a year and a special character at the end (e.g., "Password2024!"). Others incorporate personally significant information into their passwords, such as the names of their children or pets, birthdays, or anniversaries. This information can sometimes be gathered from public sources like social media profiles. Adversaries can use this information to build a specialized dictionary of potential passwords tailored to a specific target and use automated tools to try each one.

To defend against these attacks, it is crucial to make authentication stronger. The first step is to create passwords that are long, complex, and random. A strong password should not contain personally significant information and should use a mix of lowercase and uppercase letters, numbers, and special characters. These elements should be distributed throughout the password rather than following a predictable pattern.

The most effective way to enhance security is by enabling multifactor authentication (MFA) whenever it is available. MFA requires a user to provide two or more forms of verification to prove their identity. This adds a critical layer of security beyond just a password. For example, after entering a correct password, a user might be required to enter a one-time code sent to their smartphone or use a fingerprint to gain access. Even if an adversary manages to steal or guess a password, they would still be blocked from accessing the account without the second factor of authentication.