What Exactly Is A Dictionary Attack?


In a dictionary attack, a hacker attempts to gain access to a password-protected site or area by trying ‘every word in the dictionary’ as a guess for the required password.

Such an attack has the potential to succeed quickly, especially against home computer users, because many people choose incredibly poor passwords that are simply common words or names.


In such instances a dictionary attack will be more efficient than the alternative, which is a brute force attack.

Where administrators have employed effective passwords, the chances of a dictionary attack succeeding are very slim in comparison.

When a password is simply a word, the chances of a dictionary attack discovering that word depend very much on its length, the language used, how common the word is and the size of the dictionary being employed.

Dictionary attacks can also experience a higher level of success when they utilise string manipulation.

Examples of string manipulation include inserting capitalised letters into words, spelling words backwards and using common number replacements, e.g. replacing the letter ‘a’ with the number ‘4’.

Dictionary attack effectiveness can also depend upon the types of words being checked and the order in which they are tried.

For example, using lists of names can often yield quick results due to the fact that so many people use their own name as their password!

When a dictionary attack proves fruitless, the hacker may use less subtle means, such as a brute force attack, which I’ll cover in the next post.

Preventing someone from gaining your password, either through brute force or via a dictionary, may be next to impossible.

However, if you choose an effective password, you decrease their chances of a quick success, which may just cause them to go looking for a softer target.
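One way to test whether a password is "effective" in the sense used above is to undo the string manipulations described earlier (inserted capitals, backwards spelling, number replacements) and see whether a dictionary word or name is left. The following Python check is an added example, not code from the original post; the word lists, the replacement table and the function names are constructed for illustration.

```python
import itertools

# Constructed sample lists; a real check would load a large dictionary
# and a list of common names from files.
DICTIONARY = {"password", "dragon", "monkey", "sunshine", "letmein"}
NAMES = {"alice", "michael", "jessica"}

# Common replacements mapped back to the letter(s) they may stand for.
# "1" is ambiguous (i or l), so both readings are tried.
LEET = {"4": "a", "@": "a", "3": "e", "1": "il", "!": "i",
        "0": "o", "5": "s", "$": "s", "7": "t"}

MAX_VARIANTS = 4096  # cap on readings tried for one password


def find_dictionary_match(password, words=DICTIONARY | NAMES):
    """Return the listed word this password reduces to, or None."""
    lowered = password.lower()  # undoes inserted capital letters
    options = [LEET.get(ch, ch) for ch in lowered]
    readings = itertools.islice(itertools.product(*options), MAX_VARIANTS)
    for reading in readings:
        candidate = "".join(reading)
        # Check the word as typed and spelled backwards.
        for form in (candidate, candidate[::-1]):
            if form in words:
                return form
    return None


def is_acceptable(password):
    """True when no simple manipulation turns the password into a listed word."""
    return find_dictionary_match(password) is None


if __name__ == "__main__":
    for pw in ["PaSSword", "Dr4g0n", "yeknom", "M1cha3l", "vq8#Lm2xTr"]:
        match = find_dictionary_match(pw)
        print(f"{pw!r}: {'reject, reduces to ' + match if match else 'ok'}")
```

The check only catches passwords that reduce to a single listed word; a password that merely contains a dictionary word passes, so it complements rather than replaces length and variety requirements.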

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.


  1. You’d be amazed at how stupid some people’s passwords are, such as “password” or “their name”. They probably deserve what they get.


  1. […] is good enough? The general idea is that you should have a password that is not found in the dictionary. That means you are going to have to mix and match different letters together that do not make any […]

  2. […] Just as badly by the looks of it – this too is a commonly used password, lacks variety and is a dictionary word. […]

  3. […] information and uses it at another time. There are different variations of a brute force, such as a dictionary attack, but no matter the variation it can prove to be a very effective attack for someone that is new to […]

  4. […] to use other common dictionary words or oft-used phrases that are remarkably easy to crack with a dictionary attack that would take about 0.3 seconds to complete. According to Ars Technica, Microsoft is also […]

  5. […] make sure that the password does not contain any dictionary words. If the word is in the dictionary then that means it is going to be easy to guess with some of the software out there. If you do want […]

  6. […] you don’t wish to fall victim to a dictionary attack then please read this : 10 Tips For Creating Effective […]

  7. […] your system can not hold up against a simple dictionary attack, then you have a major […]
