brute-force attack (original) (raw)

What is a brute-force attack?

A brute-force attack is a trial-and-error method used by application programs to decode login information and encryption keys to use them to gain unauthorized access to systems. Using brute force is an exhaustive effort rather than employing intellectual strategies.

Just as a criminal might break into and crack a safe by trying many possible combinations, a brute-force attack of applications tries all possible combinations of legal characters in a sequence. Cybercriminals typically use a brute-force attack to obtain access to a website, account or network. They may then install malware, shut down web applications or conduct data breaches.

A simple brute-force attack commonly uses automated tools to guess all possible passwords until the correct input is identified. This is an old but still effective attack method for cracking common passwords.

How long a brute-force attack lasts can vary. Brute-forcing can break weak passwords in a matter of seconds. Strong passwords can typically take hours or days.

Organizations can use complex password combinations to extend the attack time, buying time to respond to and thwart the cyber attack.

What are the different types of brute-force attacks?

Different types of brute-force attacks exist, such as the following:

Additional forms of brute-force attacks might try and use the most commonly used passwords, such as "password," "12345678" -- or any numerical sequence like this -- and "qwerty," before trying other passwords.

What is the best way to protect against brute-force attacks?

Organizations can strengthen cybersecurity against brute-force attacks by using a combination strategies, including the following:

A good way to secure against brute-force attacks is to use all or a combination of the above strategies.

password hygiene shortcomings

Ponemon Institute's research on the state of password practices

How can brute-force attack tools improve cybersecurity?

Brute-force attack tools are sometimes used to test network security. Some common ones are the following:

Aircrack-ng screenshotIT can use the wireless network auditing tool Aircrack-ng to test password security.

What are examples of brute-force attacks?

This was last updated in September 2021

Continue Reading About brute-force attack

Dig Deeper on Threats and vulnerabilities