Brute Force Attack

What Is Brute Force Attack?

A brute force attack, also known as an exhaustive search, is a cryptographic hack that tries possible combinations for a targeted password until the correct one is found. Although it’s an old attack method, it’s still effective and popular with hackers.

Deeper Definition

A brute force attack uses automation and scripts to guess passwords. Typical brute force attacks make a few hundred guesses every second. Simple passwords, such as those lacking a mix of lower and upper cases or using common expressions like “12345,” can be cracked in minutes, while strong passwords can typically take hours or days. Attackers usually use it against local files, where there is no limit on the number of attempts. Brute force relies on exhaustive effort rather than intellectual strategies.

There are different types of brute force attacks. They include:

  • Credential stuffing: An attack that occurs when a user’s account is vulnerable to hacking and the attacker tries the same username and password combination across multiple systems.
  • Reverse brute force attack: Begins with an attacker using a common password or a guess at the password. The attacker tries that password against multiple usernames or secured files to gain network or data access. The attacker then follows the same process to find the correct username.
  • Dictionary attack: In this attack, a hacker tests all the words in a dictionary to find a password. To crack longer passwords, attackers can step up their game by mixing words with numbers, characters, and more.

There are measures a user may take to protect their device against brute force attacks:

  • Increase password complexity: Enforce a minimum passphrase length and require special characters.
  • Limit failed login attempts: Protect systems and networks by implementing rules that lock out a user after a specified number of failed login attempts.
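
An added example (not from the original glossary page) of the failed-login limit described above: a sliding-window lockout per account, extended with a per-source count of distinct usernames, because a reverse brute force attack tries each account only once and never reaches a per-account limit. The class name, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class FailedLoginMonitor:
    """Sliding-window lockout per account plus a per-source username count."""

    def __init__(self, max_fails=5, window=300, lock_secs=900, max_users=4):
        # All four thresholds are assumed values; tune them per system.
        self.max_fails, self.window = max_fails, window
        self.lock_secs, self.max_users = lock_secs, max_users
        self.fails_by_user = defaultdict(deque)  # user -> failure timestamps
        self.fails_by_src = defaultdict(deque)   # source -> (timestamp, user)
        self.locked_until = {}                   # user -> unlock timestamp

    def is_locked(self, user, now):
        return self.locked_until.get(user, 0) > now

    def record(self, now, user, src, success):
        """Process one login event and return the alerts it triggers."""
        if self.is_locked(user, now):
            return ["rejected: account locked"]
        if success:
            self.fails_by_user.pop(user, None)   # good login resets the count
            return []
        alerts = []
        per_user = self.fails_by_user[user]
        per_user.append(now)
        while per_user[0] <= now - self.window:  # drop failures outside window
            per_user.popleft()
        if len(per_user) >= self.max_fails:      # guessing against one account
            self.locked_until[user] = now + self.lock_secs
            per_user.clear()
            alerts.append(f"lockout: {user}")
        per_src = self.fails_by_src[src]
        per_src.append((now, user))
        while per_src[0][0] <= now - self.window:
            per_src.popleft()
        if len({u for _, u in per_src}) >= self.max_users:  # one source, many accounts
            alerts.append(f"many usernames from {src}")
        return alerts

def replay(events, **thresholds):
    """Feed events through a fresh monitor and collect every alert."""
    mon = FailedLoginMonitor(**thresholds)
    return [a for e in events for a in mon.record(*e)]

# Constructed sample events: (timestamp, username, source, success)
GUESSING = [(t, "mark", "203.0.113.7", False) for t in range(0, 50, 10)]
REVERSE = [(100 + i, f"user{i}", "198.51.100.9", False) for i in range(4)]
```

Replaying `GUESSING` locks the single account, while `REVERSE` triggers no lockout at all and is only visible through the per-source alert.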

Brute Force Attack Example

Mark used a dictionary word as his password when registering on a new social media website. He planned to change it later but didn’t find time to do it. One day, a hacker executed a brute force attack on some users of the new social media website. Mark’s account was among the ones compromised because the attack tried several dictionary words.
