Brute Force Attack

A brute force attack is an attempt to gain access to a system using successive login attempts. It can be performed manually or by using an automated script. In either case, a brute force attack tries different username and password combinations with the hope of discovering a valid login.

While brute force attacks are simplistic by nature, their implementation is often complex. Since most servers will block a user or IP address after multiple failed logins, a hacker may use multiple systems to perform a single brute force attack. Some attacks may use hundreds or even thousands of devices, similar to a distributed denial of service DDoS attack.

While the odds of guessing a correct login via a brute force attack are low, it is still one of the most common ways online accounts are compromised. Using enough attempts, it is theoretically possible to discover any login. However, short and common passwords are the most vulnerable.

How to Protect Against Brute Force Attacks

The two primary ways to protect your online accounts from brute force attacks are to 1) choose strong passwords and 2) use two-factor authentication.

1. Choose strong passwords

A fundamental step in securing any online account is to choose a strong password. This means choosing a password that:

  1. is long – at least eight characters, preferably 12 or more.
  2. contains special characters – including numbers and symbols, as well as lowercase and uppercase characters.
  3. is not personally identifiable – using a special date or the name of someone close to you makes it easy for someone to manually hack your account.
It is especially important to choose a strong password for your email account since your username (half of your login) is your public email address. Additionally, if someone gains access to your email, he or she can easily discover your other passwords.

2. Use Two-Factor Identification

Some services allow you to enable two-factor authentication, which requires authentication from two devices. For example, you may be asked to enter a username and password on your computer, followed by a code sent via text to the phone number listed in your account. With two-factor authentication, even if a hacker knows your username and password, he or she will not be able to successfully log in to your account.

Updated June 17, 2019

Definitions by TechTerms.com

The definition of Brute Force Attack on this page is an original TechTerms.com definition. If you would like to reference this page or cite this definition, you can use the green citation links above.

The goal of TechTerms.com is to explain computer terminology in a way that is easy to understand. We strive for simplicity and accuracy with every definition we publish. If you have feedback about the Brute Force Attack definition or would like to suggest a new technical term, please contact us.

Want to learn more tech terms? Subscribe to the daily or weekly newsletter and get featured terms and quizzes delivered to your inbox.

Sign up for the free TechTerms Newsletter

How often would you like to receive an email?

You can unsubscribe or change your frequency setting at any time using the links available in each email.

Questions? Please contact us.