What is a Brute-Force Attack?
A brute-force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute-force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute-force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization’s network security. A brute-force attack is also known as brute-force cracking or simply brute force.
One example of a brute-force attack is the dictionary attack, which tries every word in a dictionary as a candidate password. Other forms try commonly used passwords or systematically enumerate combinations of letters and numbers.
An attack of this nature can be time- and resource-consuming. Hence the name “brute-force attack”; success usually depends on computing power and the number of combinations tried rather than on an ingenious algorithm.
The following measures can be used to defend against brute-force attacks:
- Implementing multi-factor authentication (MFA)
- Requiring users to create complex passwords
- Limiting the number of times a user can unsuccessfully attempt to log in
- Temporarily locking out users who exceed the specified maximum number of failed login attempts
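As an added example (not code from the original article), the following Python class implements the last two measures above: it counts consecutive failed logins per account and temporarily locks the account once a maximum is reached. The threshold, lockout duration, user store and the `clock` parameter are assumptions chosen for illustration.

```python
import hmac
import time

MAX_FAILED_ATTEMPTS = 5    # assumed policy value
LOCKOUT_SECONDS = 15 * 60  # assumed 15-minute temporary lockout

# Constructed credential store for the example; a real system stores
# salted password hashes, never plaintext passwords.
USERS = {"alice": "correct horse battery staple"}


class LoginGuard:
    """Tracks failed logins per account and enforces a temporary lockout."""

    def __init__(self, max_failed=MAX_FAILED_ATTEMPTS,
                 lockout_seconds=LOCKOUT_SECONDS, clock=time.time):
        self.max_failed = max_failed
        self.lockout_seconds = lockout_seconds
        self.clock = clock            # injectable for testing
        self.failed = {}              # username -> consecutive failures
        self.locked_until = {}        # username -> time the lockout expires

    def is_locked(self, username):
        until = self.locked_until.get(username)
        if until is None:
            return False
        if self.clock() >= until:
            # Lockout expired: clear the counters so the user may try again.
            del self.locked_until[username]
            self.failed.pop(username, None)
            return False
        return True

    def attempt(self, username, password):
        """Return 'locked', 'ok' or 'denied' for one login attempt."""
        if self.is_locked(username):
            return "locked"
        # Always run the comparison so an unknown name takes the same time.
        expected = USERS.get(username, "")
        match = hmac.compare_digest(expected.encode(), password.encode())
        if username in USERS and match:
            self.failed.pop(username, None)   # success resets the counter
            return "ok"
        count = self.failed.get(username, 0) + 1
        self.failed[username] = count
        if count >= self.max_failed:
            self.locked_until[username] = self.clock() + self.lockout_seconds
            return "locked"
        return "denied"
```

Note that the lockout applies even when the correct password is supplied during the lockout window, which is what makes guessing expensive for the attacker rather than for the legitimate user.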