Brute Force Attack
A brute force attack is an attempt to gain access to a system using successive login attempts. It can be performed manually or by using an automated script. In either case, a brute force attack tries different username and password combinations with the hope of discovering a valid login.
While brute force attacks are simple by nature, their implementation is often complex. Since most servers will block a user or IP address after multiple failed logins, a hacker may use multiple systems to perform a single brute force attack. Some attacks may use hundreds or even thousands of devices, similar to a distributed denial of service (DDoS) attack.
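Because a per-IP block alone misses an attack spread across many systems, a defender also counts failed logins per account. The following is an added example, not part of the original page, that runs both checks over constructed login events; the event format, thresholds and function name are assumptions.

```python
from collections import defaultdict, deque

# Constructed sample events: (timestamp_seconds, source_ip, username, success).
# IPs come from documentation ranges; usernames are made up.
SAMPLE_EVENTS = (
    # One source hammering one account: caught by the per-IP rule.
    [(10 * i, "203.0.113.7", "alice", False) for i in range(6)]
    # Eight sources, one failure each, same account: invisible to the per-IP rule.
    + [(100 + 15 * i, f"198.51.100.{i + 1}", "bob", False) for i in range(8)]
    # Ordinary user who mistypes once and then logs in.
    + [(50, "192.0.2.10", "carol", False), (55, "192.0.2.10", "carol", True)]
)


def detect_bruteforce(events, window=300, ip_limit=5, user_limit=5):
    """Flag failed-login bursts inside a sliding time window.

    Returns (blocked_ips, distributed):
      blocked_ips  - IPs with at least ip_limit failures in the window
      distributed  - {username: peak number of distinct source IPs} for accounts
                     with at least user_limit failures coming from more than one IP
    """
    ip_fails = defaultdict(deque)    # ip   -> (timestamp, ip) of recent failures
    user_fails = defaultdict(deque)  # user -> (timestamp, ip) of recent failures
    blocked_ips, distributed = set(), {}

    for ts, ip, user, ok in sorted(events):
        if ok:
            continue
        for q in (ip_fails[ip], user_fails[user]):
            q.append((ts, ip))
            # Drop failures that have aged out of the window.
            while q[0][0] <= ts - window:
                q.popleft()
        if len(ip_fails[ip]) >= ip_limit:
            blocked_ips.add(ip)
        sources = {src for _, src in user_fails[user]}
        if len(user_fails[user]) >= user_limit and len(sources) > 1:
            distributed[user] = max(len(sources), distributed.get(user, 0))
    return blocked_ips, distributed


if __name__ == "__main__":
    blocked, spread = detect_bruteforce(SAMPLE_EVENTS)
    print("per-IP rule flags:", sorted(blocked))
    print("per-account rule flags:", spread)
```

In the sample data the per-IP rule flags only the single noisy source, while the per-account rule is what surfaces the account being guessed from eight different addresses.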
While the odds of guessing a correct login via a brute force attack are low, it is still one of the most common ways online accounts are compromised. Using enough attempts, it is theoretically possible to discover any login. However, short and common passwords are the most vulnerable.
How to Protect Against Brute Force Attacks
The two primary ways to protect your online accounts from brute force attacks are to 1) choose strong passwords and 2) use two-factor authentication.
1. Choose strong passwords
A fundamental step in securing any online account is to choose a strong password. This means choosing a password that:
- is long – at least eight characters, preferably 12 or more.
- contains special characters – including numbers and symbols, as well as lowercase and uppercase characters.
- is not personally identifiable – using a special date or the name of someone close to you makes it easy for someone to manually hack your account.
2. Use Two-Factor Authentication
Some services allow you to enable two-factor authentication, which requires authentication from two devices. For example, you may be asked to enter a username and password on your computer, followed by a code sent via text to the phone number listed in your account. With two-factor authentication, even if a hacker knows your username and password, he or she will not be able to successfully log in to your account.