October 13, 2008

Getting Down to the Business of P@55W0rd$

As the years move by, many researchers are trying to understand the magical mystery that is the End-User and, more specifically, End-User Passwords.

Most password-cracking and brute-force techniques are fairly advanced: they use different elements to discover behavior, probable words, and dates that might be relevant to a user. And there are also the famous rainbow tables... But would these techniques ever work on a real-life system administrator of any type?

Let's face it, the real reason for getting behind the wheel and trying to discover a password is to access a privileged account, such as a root account or a database account, that will let you gain access to restricted systems and information.

The problem is that while an ordinary user might create his password using a name, a number, or upper- and lowercase letters, a system administrator who is trusted with roles such as DBA or Security Admin will usually break words into miscellaneous characters.

An experienced administrator will typically choose passwords that are most of the time based on real dictionary words, for ease of memory. However, they will use a special structure for those real words. So, a DB password might be the word "information," but it would be spelled with special characters, making it "1nf0rM@t1on!".

This method makes most dictionary attacks and low-threshold rainbow tables irrelevant to a key search, because they will take forever and will probably never find the right answer. As a result, attackers will probably revert to the same old mind-aching brute-force techniques.

So here are my thoughts ... it is possible to beat this.

Roughly calculating the numbers, there are probably several thousand proper English words or short phrases for a 7-10 character password (the common length of a password). And for each of those, there is an average of almost one hundred different mutations (p@ssword, Pa5$w0rD, etc.), which means that a good-enough dictionary can be built. A salted version of it can then be built, and from that a rainbow table, and in that way the attacker regains the ability to break in.
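The flip side of the same observation is a defender-side check: if a policy can undo the mutation described above, it can reject "1nf0rM@t1on!" as a dressed-up dictionary word before it ever reaches a cracker. This is an added example, not code from the original post; the word list and the substitution table are constructed for it.

```python
import itertools
import string

# Constructed sample word list; a real check would load a full dictionary file.
DICTIONARY = {"information", "password", "secret", "welcome", "database", "admin"}

# Reverse "leet" map: the plain letters each symbol is commonly used for.
# The table is an assumption for this example; extend it from observed data.
UNLEET = {
    "@": "a", "4": "a", "3": "e", "1": "il", "!": "il", "|": "il",
    "0": "o", "$": "s", "5": "s", "7": "t", "+": "t", "8": "b", "9": "g",
}

MAX_READINGS = 4096  # cap the expansion so a long input cannot explode

def plain_readings(password):
    """Yield the plain-letter words a mutated password could stand for.

    Case is ignored. Because a symbol such as "!" may be a letter substitute
    or plain decoration, the input is also tried with leading/trailing
    punctuation and digits removed (the "word!" and "word2008" patterns).
    """
    lowered = password.lower()
    noise = string.punctuation + string.digits
    variants = [lowered, lowered.rstrip(noise), lowered.lstrip(noise), lowered.strip(noise)]
    seen = set()
    for variant in variants:
        if not variant or variant in seen:
            continue
        seen.add(variant)
        # Each position expands to every letter it may represent.
        options = [tuple(UNLEET.get(ch, ch)) for ch in variant]
        for combo in itertools.islice(itertools.product(*options), MAX_READINGS):
            yield "".join(combo)

def dictionary_base(password):
    """Return the dictionary word the password is a mutation of, or None."""
    for reading in plain_readings(password):
        if reading in DICTIONARY:
            return reading
    return None

def acceptable(password, min_length=12):
    """Policy check: reject short passwords and mutated dictionary words."""
    return len(password) >= min_length and dictionary_base(password) is None

if __name__ == "__main__":
    for pw in ("1nf0rM@t1on!", "Pa5$w0rD", "password2008", "xq7!vb2"):
        print(f"{pw:16} -> base={dictionary_base(pw)!r} acceptable={acceptable(pw)}")
```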

Now, don't submit your badge just yet - there are plenty of ways to fight this one off.

There are the almighty One-Time Password (OTP) solutions, which have been around for a number of years and have gotten better and better in the last couple of years. OTP means that a password is generated for each login and is then revoked. With this method, we eliminate the fear of passwords: if we have no passwords to be stolen, it's easier to keep ourselves safe.


2 Comments

More on this subject. Clearly, pa$$word$ are a problem and forgotten passwords are now insecure too. So, should we remember or forget or remember to forget vs forgetting to remember?

I personally think SSO (Single Sign-On) provides a good solution to the problem. In combination with two-factor authentication (tokens, smartcards (+ pin code), proximity cards (+ pin code)) they offer a single authentication for the user and automation of password renewal (transparent for the user) and strong password policy (14+ random character password) for all applications. The user can still view his passwords and change them if necessary. Additionally there is a possibility to delegate entitlement to a appear (with or without approval by a superior) without sharing the password.

All in all, it takes more than just technology, but the solutions exist, take a look at them ;)
