While hashing our password obfuscates it, a malicious party may still be able to obtain the password of a targeted victim through the following means:
- Dictionary attacks: Exploit the fact that many users use common passwords (such as qwertyuiop). In dictionary attacks, a malicious party would use a program to try tens of thousands of the most likely passwords in the hope that one would succeed.
- Brute-force attacks: This is similar to a dictionary attack, but the program is run through all possible messages within a defined range (for example, all strings with lowercase letters under 13 characters, starting at a, b... aa, ab, ac, and going all the way to zzzzzzzzzzzzz).
Even if our passwords ...