Dictionary Attack


What is Dictionary Attack?

A dictionary attack is a password attack in which an attacker tries a large list of likely passwords, common words, and predictable variations instead of guessing every possible character combination.

Examples

  • An attacker tries thousands of common passwords such as "password123", "welcome1", and seasonal company-themed variations against a web login page.

Discover 🔎

Not every password attack relies on pure randomness. In fact, many attacks succeed because people are predictable. They choose words they can remember, reuse familiar patterns, add a number at the end, or build passwords from names, seasons, hobbies, or company references. A dictionary attack is built around that human habit.

This is why the attack remains so relevant. It does not try every possible password in existence. That would take far too long in many cases. Instead, it focuses on the passwords people are most likely to choose. The attacker is not assuming the user picked something truly random. The attacker is betting that the password is ordinary enough to appear in a prepared list.

Summary 📝

A dictionary attack is a password attack that relies on likely guesses instead of every possible guess. It works by using lists of common words, leaked passwords, and predictable variations to target the passwords people are most likely to choose. The strongest defenses are unique passphrases, multifactor authentication, secure password storage, and login protections that make guessing slower and harder.
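The two defenses that follow directly from the lesson are screening new passwords against the kinds of lists and variations a dictionary attack uses, and throttling failed logins so guessing is slow. The block below is an added example, not code from the original page; the list of common passwords, the variation rules, and the lockout thresholds are constructed assumptions for illustration. A real deployment would load a large breached-password list instead of the six words here.

```python
import re

# Constructed sample of a "common passwords" list (assumption). Real deployments
# screen against large lists of leaked and common passwords instead.
COMMON_PASSWORDS = {"password", "welcome", "letmein", "qwerty", "summer", "acmecorp"}

# Character substitutions attackers routinely try ("p@ssw0rd" -> "password").
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(candidate):
    """Undo the predictable variations a dictionary attack applies to a base word:
    case changes, a trailing number/year/punctuation, separators and leet spelling."""
    base = candidate.lower()
    base = re.sub(r"[\d!@#$%^&*.?_-]+$", "", base)   # strip "123", "2024", "!" suffixes
    base = re.sub(r"^[\d!@#$%^&*.?_-]+", "", base)   # strip the same as a prefix
    base = re.sub(r"[\s_.-]", "", base)              # "acme-corp" -> "acmecorp"
    return base.translate(LEET_MAP)


def assess_password(candidate, common=COMMON_PASSWORDS, min_length=8):
    """Return (accepted, reason). Rejects passwords that are short or that reduce
    to a common word once the usual variations are stripped away."""
    if len(candidate) < min_length:
        return False, "too short"
    base = normalize(candidate)
    if not base or base in common:
        return False, "matches a common password after normalization"
    # Longer common words embedded in the candidate ("mypassword") are still weak.
    if any(word in base for word in common if len(word) >= 6):
        return False, "contains a common password"
    return True, "ok"


class LoginThrottle:
    """Lock an account after too many failures inside a sliding window
    (assumed thresholds: 5 failures per 15 minutes)."""

    def __init__(self, max_failures=5, window_seconds=900):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self.failures = {}  # username -> list of failure timestamps

    def _recent(self, username, now):
        return [t for t in self.failures.get(username, [])
                if now - t < self.window_seconds]

    def record_failure(self, username, now):
        recent = self._recent(username, now)
        recent.append(now)
        self.failures[username] = recent

    def is_locked(self, username, now):
        return len(self._recent(username, now)) >= self.max_failures


if __name__ == "__main__":
    for pw in ["password123", "P@ssw0rd!", "Summer2024!", "correct horse battery staple"]:
        print(pw, "->", assess_password(pw))
    throttle = LoginThrottle()
    for t in range(5):
        throttle.record_failure("alice", now=t)
    print("locked now:", throttle.is_locked("alice", now=10))
    print("locked after window:", throttle.is_locked("alice", now=1000))
```

The normalization step is what makes the screen useful against dictionary attacks specifically: "Welcome1", "P@ssw0rd!" and "Summer2024!" all collapse to entries in the list, while a long unrelated passphrase passes. The throttle is the login-side counterpart, turning thousands of cheap guesses into a handful per window.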
