Home : Internet Terms : Brute Force Attack Definition

Brute Force Attack

A brute force attack is an attempt to gain access to a system using successive login attempts. It can be performed manually or by using an automated script. In either case, a brute force attack tries different username and password combinations with the hope of discovering a valid login.

While brute force attacks are simplistic by nature, their implementation is often complex. Since most servers will block a user or IP address after multiple failed logins, a hacker may use multiple systems to perform a single brute force attack. Some attacks may use hundreds or even thousands of devices, similar to a distributed denial of service DDoS attack.

While the odds of guessing a correct login via a brute force attack are low, it is still one of the most common ways online accounts are compromised. Using enough attempts, it is theoretically possible to discover any login. However, short and common passwords are the most vulnerable.

How to Protect Against Brute Force Attacks

The two primary ways to protect your online accounts from brute force attacks are to 1) choose strong passwords and 2) use two-factor authentication.

1. Choose strong passwords

A fundamental step in securing any online account is to choose a strong password. This means choosing a password that:

  1. is long – at least eight characters, preferably 12 or more.
  2. contains special characters – including numbers and symbols, as well as lowercase and uppercase characters.
  3. is not personally identifiable – using a special date or the name of someone close to you makes it easy for someone to manually hack your account.
It is especially important to choose a strong password for your email account since your username (half of your login) is your public email address. Additionally, if someone gains access to your email, he or she can easily discover your other passwords.

2. Use Two-Factor Identification

Some services allow you to enable two-factor authentication, which requires authentication from two devices. For example, you may be asked to enter a username and password on your computer, followed by a code sent via text to the phone number listed in your account. With two-factor authentication, even if a hacker knows your username and password, he or she will not be able to successfully log in to your account.

Updated: June 17, 2019

Cite this definition:


TechTerms - The Tech Terms Computer Dictionary

This page contains a technical definition of Brute Force Attack. It explains in computing terminology what Brute Force Attack means and is one of many Internet terms in the TechTerms dictionary.

All definitions on the TechTerms website are written to be technically accurate but also easy to understand. If you find this Brute Force Attack definition to be helpful, you can reference it using the citation links above. If you think a term should be updated or added to the TechTerms dictionary, please email TechTerms!

Subscribe to the TechTerms Newsletter to get featured terms and quizzes right in your inbox. You can choose to receive either a daily or weekly email.

Sign up for the free TechTerms Newsletter

How often would you like to receive an email?

You can unsubscribe at any time.
Questions? Please contact us.