Best Practices for Protecting Against Cracking

Cyber Security Mastery: From Zero to Hero

Blue Team Defense against Password Attacks

Protection against cracking relies on two things: a secure implementation of password storage, so that a stolen credential database is expensive to crack offline, and strong user policies, so that passwords are hard to guess online in the first place.

Implementation Defense

  1. Salting: Ensure all passwords are cryptographically salted using a unique, random salt for every user. The salt is not a secret; it is stored alongside the hash. Its job is to make identical passwords hash to different values and to render precomputed (rainbow) tables useless, forcing the attacker to crack each hash individually.
  2. Key Stretching/Hardening: Use slow, resource-intensive password hashing algorithms such as Bcrypt, Argon2id, scrypt or PBKDF2 instead of fast general-purpose hashes like MD5, SHA-1 or plain SHA-256. A tunable work factor multiplies the time (and cost) of every guess, even on GPU clusters, and memory-hard functions such as Argon2id and scrypt additionally limit how many guesses a GPU or ASIC can run in parallel. Revisit the work factor as hardware gets faster.
  3. Never Store in Plaintext (or reversibly encrypted): Store only the salted, stretched hash. The service never needs the original password back; it only needs to recompute the hash from a login attempt and compare.
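As an added example (not code from the course), the three implementation defenses above combined into a minimal password store using only the Python standard library. The course recommends Bcrypt or Argon2; this block uses PBKDF2-HMAC-SHA256 instead because it ships with Python and needs no package, at the 600,000-iteration work factor OWASP currently recommends for that KDF. The `algorithm$iterations$salt$digest` record format and the function names are this example's own conventions, and `insecure_md5` is included only as the anti-pattern to contrast against.

```python
"""Salted, key-stretched password storage with the Python standard library (added example)."""
import base64
import hashlib
import hmac
import os

ALGORITHM = "pbkdf2_sha256"
# Work factor: OWASP's current guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations.
ITERATIONS = 600_000
SALT_BYTES = 16     # 128-bit random salt, generated fresh for every stored password
DIGEST_BYTES = 32


def _b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest.

    The salt is not secret; storing it next to the digest is what lets the same
    password hash differently for every user and defeats precomputed tables.
    """
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=DIGEST_BYTES)
    return "$".join([ALGORITHM, str(iterations), _b64(salt), _b64(digest)])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and work factor; compare in constant time."""
    try:
        algorithm, iterations_text, salt_b64, digest_b64 = stored.split("$")
        iterations = int(iterations_text)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
    except ValueError:  # malformed record (wrong field count, bad int, bad base64)
        return False
    if algorithm != ALGORITHM or iterations < 1 or len(expected) != DIGEST_BYTES:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=DIGEST_BYTES)
    # hmac.compare_digest avoids leaking where the first mismatching byte is.
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True if the record uses an older algorithm or a weaker work factor.

    Call this after a successful login and re-hash with the current parameters,
    which is how a deployment raises its work factor over time.
    """
    try:
        algorithm, stored_iterations, _salt, _digest = stored.split("$")
        return algorithm != ALGORITHM or int(stored_iterations) < iterations
    except ValueError:
        return True


def insecure_md5(password: str) -> str:
    """What NOT to do: an unsalted fast hash is identical for every user with this password
    and can be tested at billions of guesses per second on a GPU."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))   # True
    print(verify_password("Tr0ub4dor&3", record))                     # False
    print(insecure_md5("password123") == insecure_md5("password123"))  # True: same hash for every user
```

Two properties worth checking in any real implementation are visible here: hashing the same password twice must yield different records (unique salts), and the stored record must carry its own parameters so the work factor can be raised later without invalidating existing accounts.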

Policy Defense

  1. Enforce Length: Prioritize password length (14+ characters, and allow passphrases) over excessive complexity requirements. Mandatory symbol and digit rules push users toward predictable patterns ("Password1!") that cracking rulesets already target, while every extra character multiplies the search space.
  2. MFA: Require Multi-Factor Authentication for all high-value accounts, so that a cracked or leaked password alone is not enough to log in.
  3. Account Lockout: Implement policies to temporarily lock accounts after a small number of failed login attempts (e.g., 5 attempts in 5 minutes) to deter online brute-forcing. Note the scope: lockout does nothing against offline cracking of a stolen hash database (that is what the implementation defenses above address), it does not stop password spraying (one common password tried across many accounts), and a permanent lockout can be turned into a denial of service against legitimate users, which is why the lock should be temporary and paired with per-source rate limiting.
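As an added example (not code from the course), a sliding-window account lockout that implements the "5 failed attempts in 5 minutes" policy above. The 15-minute lockout duration, the class and function names, and the injectable `clock` (so the window can be exercised without waiting) are this example's own choices; a production deployment would keep the state in a shared store such as Redis rather than in process memory.

```python
"""Sliding-window account lockout (added example, not code from the course)."""
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Temporarily lock an account after too many failed logins in a sliding window.

    Defaults follow the course's example policy (5 failures within 5 minutes);
    the 15-minute lockout length is an assumed value. `clock` is injectable so
    the behaviour can be exercised deterministically.
    """

    def __init__(self, max_failures=5, window_seconds=300, lockout_seconds=900, clock=time.time):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._failures = defaultdict(deque)  # username -> timestamps of recent failures
        self._locked_until = {}              # username -> time the lockout expires

    def is_locked(self, username: str) -> bool:
        now = self.clock()
        until = self._locked_until.get(username)
        if until is None:
            return False
        if now < until:
            return True
        # Lockout expired: forget it and start the failure count afresh.
        del self._locked_until[username]
        self._failures.pop(username, None)
        return False

    def record_failure(self, username: str) -> bool:
        """Register a failed attempt. Returns True if this attempt triggered a lockout."""
        now = self.clock()
        if self.is_locked(username):
            return False
        recent = self._failures[username]
        while recent and now - recent[0] > self.window_seconds:
            recent.popleft()  # drop failures that have aged out of the window
        recent.append(now)
        if len(recent) >= self.max_failures:
            self._locked_until[username] = now + self.lockout_seconds
            return True
        return False

    def record_success(self, username: str) -> None:
        """A correct password clears the failure history."""
        self._failures.pop(username, None)

    def seconds_remaining(self, username: str) -> float:
        """How long the current lockout still has to run (0.0 when not locked)."""
        return max(0.0, self._locked_until.get(username, 0.0) - self.clock())


def attempt_login(throttle: LoginThrottle, username: str, password: str, credential_check) -> str:
    """Gate a credential check behind the throttle. Returns "locked", "ok" or "denied".

    The credential check is skipped entirely while the account is locked, so an
    attacker gains no oracle on the password during the lockout period.
    """
    if throttle.is_locked(username):
        return "locked"
    if credential_check(username, password):
        throttle.record_success(username)
        return "ok"
    throttle.record_failure(username)
    return "denied"


if __name__ == "__main__":
    throttle = LoginThrottle()
    for _ in range(5):
        attempt_login(throttle, "alice", "guess", lambda u, p: False)
    print(throttle.is_locked("alice"), round(throttle.seconds_remaining("alice")))  # True 900
```

Because the window slides, four failures followed by a quiet period do not accumulate toward a lockout, and because a successful login resets the count, a user who mistypes occasionally is never punished; only a sustained online guessing campaign against one account trips the lock.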