Dictionary Attack
Definition
A dictionary attack is a password-cracking technique that uses a precompiled list of common words, phrases, and known passwords to guess a user's credentials.
Examples
- An attacker uses a list of leaked passwords to attempt logins to thousands of email accounts.
- A script cycles through a dictionary of words and variations to crack the password protecting a ZIP archive.
Overview
A dictionary attack is a form of brute-force attack that targets authentication systems by systematically trying words from a list (a "dictionary") of potential passwords. Rather than guessing every possible combination of characters, as a full brute-force attack does, a dictionary attack takes a more efficient approach by assuming users choose passwords that are predictable or commonly used.
This attack relies on the human tendency to select simple, familiar passwords. Attackers often build their dictionaries using leaked password lists, commonly used words, keyboard patterns, names, phrases, and basic word variations. Because dictionary attacks avoid random guessing, they are typically faster and more successful than raw brute-force attempts — especially against users with weak password hygiene.
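The same predictability can be checked from the defender's side when a password is set. The following is an added example, not part of the original page: it reduces a candidate password to its base forms (lower-casing, stripping digit and symbol padding, undoing common character substitutions) and rejects it if any form appears in a denylist. The denylist contents, the substitution table and the function names are assumptions made for illustration.

```python
import re

# Constructed sample denylist (assumption); a real deployment would load a
# large corpus of breached and commonly used passwords instead.
DENYLIST = {"password", "qwerty", "letmein", "dragon", "summer", "123456"}

# Common character substitutions, mapped back to the letter they stand in for.
SUBSTITUTIONS = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
     "@": "a", "$": "s", "!": "i"}
)

# Digits and punctuation padded onto the start or end of a base word.
PADDING = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def base_forms(candidate):
    """Return the normalized forms of a candidate to compare with the denylist."""
    lowered = candidate.lower()
    # Strip padding before undoing substitutions, so a trailing "2024!" is
    # removed as padding rather than being turned into letters.
    unpadded = PADDING.sub("", lowered)
    forms = {
        lowered,
        unpadded,
        lowered.translate(SUBSTITUTIONS),
        unpadded.translate(SUBSTITUTIONS),
    }
    forms.discard("")  # an all-digit candidate has no unpadded form
    return forms


def is_guessable(candidate, denylist=DENYLIST):
    """True if any base form of the candidate is a denylisted word."""
    return not base_forms(candidate).isdisjoint(denylist)


if __name__ == "__main__":
    for pw in ["P@ssw0rd2024!", "Summer2023", "l3tm31n",
               "correct-horse-battery-staple"]:
        print(f"{pw!r}: {'reject' if is_guessable(pw) else 'accept'}")
```

A check like this belongs in the password-change path, alongside rate limiting on the login path, since normalization only covers the variations it knows about.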