The easiest and most common attack is to obtain the credentials of an authorized user.
Prevention Techniques
- Security Awareness Training
- Better Passwords
- 2FA (2-Factor Authentication)
NIST SP 800-63B → Suggested rules for password verifiers
Disallowed passwords:
- Passwords obtained from previous breaches
- Dictionary Words
- Repetitive and sequential characters
- Context-specific words (such as the name of the service, etc.)
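An added example (not part of these notes and not NIST's own code) of a memorized-secret verifier applying the SP 800-63B blocklist rules above; the breach corpus, the dictionary, and the service name "Acme Portal" are constructed stand-ins for the real lists a verifier would load.

```python
import re

# Constructed stand-in for a breach corpus; a real verifier loads a large
# downloaded list (or queries a k-anonymity API) instead of this set.
BREACHED = {"password", "123456", "qwerty", "letmein", "iloveyou"}
# Constructed stand-in for a dictionary word list.
DICTIONARY = {"dragon", "monkey", "sunshine", "welcome", "football"}
# Context-specific words for a hypothetical service called "Acme Portal".
CONTEXT_WORDS = {"acme", "acmeportal", "portal"}

MIN_LENGTH = 8  # SP 800-63B minimum length for user-chosen memorized secrets


def has_repetition(secret: str, run: int = 3) -> bool:
    """True if any character repeats `run` or more times in a row (e.g. 'aaa')."""
    return re.search(r"(.)\1{%d,}" % (run - 1), secret) is not None


def has_sequence(secret: str, run: int = 4) -> bool:
    """True if `run` consecutive characters step by +1 or -1 (e.g. 'abcd', '4321')."""
    codes = [ord(c) for c in secret.lower()]
    for i in range(len(codes) - run + 1):
        window = codes[i:i + run]
        diffs = {b - a for a, b in zip(window, window[1:])}
        if diffs == {1} or diffs == {-1}:
            return True
    return False


def check_memorized_secret(secret: str) -> list[str]:
    """Return the rules the candidate secret violates; an empty list means accepted."""
    reasons = []
    lowered = secret.lower()
    if len(secret) < MIN_LENGTH:
        reasons.append("too short")
    if lowered in BREACHED:
        reasons.append("found in breach corpus")
    if lowered in DICTIONARY:
        reasons.append("dictionary word")
    if has_repetition(secret):
        reasons.append("repetitive characters")
    if has_sequence(secret):
        reasons.append("sequential characters")
    if any(word in lowered for word in CONTEXT_WORDS):
        reasons.append("context-specific word")
    return reasons


if __name__ == "__main__":
    for candidate in ["Password", "aaaaaa", "1234abcd", "AcmePortal2024", "correct-horse-battery"]:
        print(candidate, "->", check_memorized_secret(candidate) or "accepted")
```

Rejected candidates should be answered with the reason so the user can pick a different secret, as SP 800-63B advises; the lists here are deliberately tiny and a production verifier must load full ones.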