In a dictionary attack, an attacker tries candidate passwords drawn from a prearranged list (or lists) of words and/or known passwords.
Typically these lists are built from common words found in a dictionary (hence the phrase dictionary attack), common non-word passwords (like qwerty, 123456, etc.), or a common word with a number and/or special character added at the end (like Password!).
More advanced dictionary attacks also try letter replacement, where certain letters are swapped for a number or symbol that looks like that letter. People often make exactly these substitutions when creating a new password, which is why attackers test for them.
In addition to the common passwords, which you should never use, you also want to avoid combinations of your name and a number. A dictionary list might try your name, for example Smith, followed by common numbers such as the year you were born or a lucky number. For example:
- Smith86
- Smith007
- Smith1
- and other similar examples.
This is more efficient than a brute-force attack because it tries likely combinations rather than every possible one.
The easiest way to thwart a dictionary attack is to avoid common passwords, anything with your name in it, and single words. Instead, use a passphrase: several words joined together to make one long password.
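The following Python script is an added example (not part of the original article) that turns the patterns above into a password check a defender might run at account creation: it looks for common passwords, letter-replacement variants of them, a common word or name with a number/symbol suffix, and any appearance of the account holder's name, and it only accepts passwords that match none of these and are long enough to plausibly be a multi-word passphrase. The word lists, the names, the look-alike substitution table and the 14-character length threshold are all constructed assumptions for the demonstration; a real check would load a full dictionary and a large list of known breached passwords from files.

```python
import re

# Constructed mini word lists for the demonstration; a real check would load a
# full dictionary and a large breached-password list from files instead.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "summer"}
COMMON_PASSWORDS = {"qwerty", "123456", "letmein", "abc123"}
KNOWN_NAMES = {"smith", "jones"}  # assumed: the account holder's name(s)

# Look-alike substitutions a dictionary attack tries ("letter replacement").
# Mapping them back to the plain letter collapses "P@ssw0rd" onto "password".
# The table is an assumption; real attack rule sets are larger.
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t"})

# A short run of digits and/or symbols tacked on the end ("Password!", "Smith86").
SUFFIX_RE = re.compile(r"[0-9!@#$%^&*?._-]{1,6}$")

# Assumed threshold: the article asks for a multi-word passphrase but gives no
# length, so this example treats 14+ characters as "long".
MIN_PASSPHRASE_LEN = 14


def undo_letter_replacement(text: str) -> str:
    """Lower-case the text and map look-alike digits/symbols back to letters."""
    return text.lower().translate(LEET_MAP)


def dictionary_attack_matches(password: str, names=KNOWN_NAMES) -> list[str]:
    """Return the dictionary-attack patterns from the article that the
    password matches; an empty list means none of them applies."""
    reasons = []
    raw = password.lower()
    plain = undo_letter_replacement(password)

    # 1. Exactly a common word or a common non-word password.
    if raw in COMMON_WORDS or raw in COMMON_PASSWORDS:
        reasons.append("common password")
    # 2. The same thing hidden behind letter replacement (Dr4g0n, P@ssw0rd).
    elif plain in COMMON_WORDS or plain in COMMON_PASSWORDS:
        reasons.append("letter replacement of a common password")

    # 3. A common word or a name with a number/symbol suffix (Password!, Smith86).
    #    Strip the suffix first, then undo letter replacement, so that the "1"
    #    in "Smith1" is treated as a suffix rather than as a look-alike "i".
    stripped = SUFFIX_RE.sub("", password)
    if stripped and stripped != password:
        root = undo_letter_replacement(stripped)
        if root in COMMON_WORDS or root in COMMON_PASSWORDS:
            reasons.append("common password plus number/symbol suffix")
        elif root in names:
            reasons.append("name plus number/symbol suffix")

    # 4. Any appearance of the user's name, on its own or buried in the password.
    if any(name in plain for name in names):
        reasons.append("contains a name")

    return reasons


def is_acceptable(password: str, names=KNOWN_NAMES) -> bool:
    """Accept only passwords that match none of the patterns and are long
    enough to plausibly be a multi-word passphrase."""
    return (not dictionary_attack_matches(password, names)
            and len(password) >= MIN_PASSPHRASE_LEN)


if __name__ == "__main__":
    # Constructed candidates covering each pattern from the article.
    for candidate in ["qwerty", "Password!", "Dr4g0n", "Smith86", "Smith007",
                      "Smith1", "monkeyjones", "correct horse battery staple"]:
        print(f"{candidate!r:32} {dictionary_attack_matches(candidate)}"
              f"  acceptable={is_acceptable(candidate)}")
```

Running the script prints one line per candidate; only the multi-word passphrase comes back with no matched pattern and is accepted. The check is deliberately built as an allow/deny decision for the defender's side of the account: it never generates candidate passwords, it only recognises the shapes a dictionary list would contain.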