Brute-Force Attack


What is a Brute-Force Attack?

A brute-force attack is a trial-and-error method of recovering a secret such as a user password, a personal identification number (PIN) or a cryptographic key. Automated software generates a large number of successive guesses at the value and tests each one, either against a live login interface (an online attack) or against a stolen password hash or ciphertext (an offline attack). Criminals use brute force to crack encrypted data and stolen credentials; security analysts use it to test the strength of an organization's authentication and network defenses. A brute-force attack is also known as brute-force cracking or simply brute force.

One well-known variant is the dictionary attack, which tries every entry in a word list (a natural-language dictionary, a list of passwords from previous breaches, or both) instead of every possible string. Other variants try commonly used passwords first, or exhaustively enumerate every combination of letters, digits and symbols up to a given length.

An attack of this nature can be time- and resource-consuming, hence the name: success depends on computing power and the number of combinations tried rather than on any ingenious algorithm. The search space grows exponentially with the length of the secret, since each additional character multiplies the number of candidates by the size of the character set, which is why short or predictable passwords fall quickly while long random ones do not.
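The following Python script is an added example written for this glossary entry, not code from the original page. It shows both variants described above against a constructed target: the SHA-256 digest of a deliberately weak password (the secret, the word list and the guess rate are all invented for the illustration). The dictionary attack fails because the password is not in the list; the exhaustive search then finds it, and the attempt counter makes the cost of each extra character concrete.

```python
import hashlib
import itertools
import string

# Constructed target for this example: the SHA-256 digest of a short, weak
# password. In practice an attacker obtains such a hash from a leaked
# credential database and attacks it offline.
SECRET = "cat1"
TARGET_HASH = hashlib.sha256(SECRET.encode()).hexdigest()

# Constructed mini word list standing in for a real dictionary of common passwords.
WORDLIST = ["password", "123456", "letmein", "qwerty", "dragon"]

# Lowercase letters plus digits: 36 symbols.
ALPHABET = string.ascii_lowercase + string.digits


def matches(guess, target_hash=TARGET_HASH):
    """One trial: hash the guess and compare it with the target."""
    return hashlib.sha256(guess.encode()).hexdigest() == target_hash


def dictionary_attack(words, target_hash=TARGET_HASH):
    """Try every word in the list. Returns (password or None, attempts made)."""
    attempts = 0
    for word in words:
        attempts += 1
        if matches(word, target_hash):
            return word, attempts
    return None, attempts


def exhaustive_attack(alphabet, max_len, target_hash=TARGET_HASH):
    """Enumerate every string over `alphabet` of length 1..max_len, shortest first.
    Returns (password or None, attempts made)."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            guess = "".join(combo)
            if matches(guess, target_hash):
                return guess, attempts
    return None, attempts


def keyspace_size(alphabet_size, max_len):
    """Number of candidate strings of length 1..max_len over an alphabet."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def worst_case_seconds(alphabet_size, max_len, guesses_per_second):
    """Time needed to exhaust the whole keyspace at a given guess rate."""
    return keyspace_size(alphabet_size, max_len) / guesses_per_second


if __name__ == "__main__":
    print("dictionary:", dictionary_attack(WORDLIST))
    print("exhaustive:", exhaustive_attack(ALPHABET, 4))
    # Hypothetical guess rate of 1e9/s, typical order of magnitude for GPU cracking
    # of a fast unsalted hash; slow password hashes cut this by orders of magnitude.
    for n in (4, 8, 12):
        print(f"{n} chars over 36 symbols: {keyspace_size(36, n):.3e} candidates, "
              f"{worst_case_seconds(36, n, 1e9) / 86400:.1f} days at 1e9 guesses/s")
```

Running the script shows the dictionary exhausted after 5 guesses, the 4-character password recovered after 142,012 hashes, and the worst-case time jumping from a fraction of a second at 4 characters to years at 12, which is the whole argument for long passwords and slow, salted password hashes.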

The following measures can be used to defend against brute-force attacks:

  • Implementing multi-factor authentication (MFA), so that a guessed password alone is not enough to log in
  • Requiring strong passwords: long ones, checked against lists of common and previously breached passwords
  • Limiting the rate at which a user, or a source address, can make unsuccessful login attempts
  • Temporarily locking out accounts that exceed the specified maximum number of failed login attempts

Note that a per-account lockout on its own has two weaknesses: an attacker can deliberately lock legitimate users out of their accounts, and password spraying (one common password tried against many accounts) never trips a per-account counter. Rate limiting and lockouts should therefore be applied per source as well as per account, and slow, salted password hashes should be used so that stolen hashes are expensive to attack offline.
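The following Python code is an added example, not part of the original glossary entry, showing how the last two measures can be implemented together. It keeps a sliding window of recent failures per key and locks the key for a fixed period once the threshold is hit; the same logic is applied twice, once keyed by account and once by source address. The policy values (5 failures in 5 minutes, 15-minute lockout) and the login events are constructed for the illustration and are not taken from any standard or product.

```python
from collections import defaultdict


class LoginThrottle:
    """Counts recent failures per key (an account name or a source address) and
    blocks the key for `lockout_seconds` once `max_failures` occur inside
    `window_seconds`. Policy values are hypothetical defaults for this example."""

    def __init__(self, max_failures=5, window_seconds=300, lockout_seconds=900):
        self.max_failures = max_failures
        self.window_seconds = window_seconds
        self.lockout_seconds = lockout_seconds
        self._failures = defaultdict(list)  # key -> timestamps of recent failures
        self._locked_until = {}            # key -> time the lockout expires

    def is_locked(self, key, now):
        return self._locked_until.get(key, 0) > now

    def record_failure(self, key, now):
        """Register a failed attempt; returns True if this failure triggered a lockout."""
        recent = [t for t in self._failures[key] if now - t < self.window_seconds]
        recent.append(now)
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lockout_seconds
            self._failures[key] = []
            return True
        self._failures[key] = recent
        return False

    def record_success(self, key):
        """A successful login clears the failure history for that key."""
        self._failures.pop(key, None)


def process_logins(events, **policy):
    """Run login events through two throttles, one keyed by account and one by
    source address, so both single-account guessing and password spraying
    (one guess against many accounts) are caught. Each event is
    (timestamp_seconds, username, source_ip, password_correct).
    Returns the outcome of every event: "locked", "failure" or "success"."""
    by_account = LoginThrottle(**policy)
    by_source = LoginThrottle(**policy)
    outcomes = []
    for now, user, src, correct in events:
        if by_account.is_locked(user, now) or by_source.is_locked(src, now):
            outcomes.append("locked")        # rejected before the password is checked
            continue
        if correct:
            by_account.record_success(user)  # only the account counter resets
            outcomes.append("success")
        else:
            by_account.record_failure(user, now)
            by_source.record_failure(src, now)
            outcomes.append("failure")
    return outcomes


# Constructed sample traffic: five guesses against one account, then a spray of
# one guess each against five accounts from a second address.
EVENTS = [
    (0, "alice", "10.0.0.5", False),
    (1, "alice", "10.0.0.5", False),
    (2, "alice", "10.0.0.5", False),
    (3, "alice", "10.0.0.5", False),
    (4, "alice", "10.0.0.5", False),     # fifth failure: alice is locked
    (5, "alice", "10.0.0.5", True),      # right password, but still locked
    (10, "bob", "10.0.0.9", False),
    (11, "carol", "10.0.0.9", False),
    (12, "dave", "10.0.0.9", False),
    (13, "erin", "10.0.0.9", False),
    (14, "frank", "10.0.0.9", False),    # fifth failure from 10.0.0.9: source locked
    (15, "grace", "10.0.0.9", True),     # no failures on grace; blocked by source rule
    (1000, "alice", "10.0.0.5", True),   # lockout expired, login succeeds
]

if __name__ == "__main__":
    for event, outcome in zip(EVENTS, process_logins(EVENTS)):
        print(event, "->", outcome)
```

The spray against bob through grace would pass a per-account check unnoticed; it is the per-source counter that stops it. Raising the threshold to 6 lets every correct login in the sample through, which illustrates the trade-off: a low threshold catches attacks sooner but makes it easier to lock out legitimate users.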