您的 IP 地址: 未知 · 您当前的状态: 受保护未受保护的未知

NordVPN

在线安全性和私密性

NordPass

密码管理

NordPass Business

企业密码安全整体方案

NordLocker

云存储加密

博客 In Depth

What is a brute force attack?

“Brute force attack” may sound like a military term, but it’s not. It’s actually an old and not very sophisticated attack that hackers still successfully employ to this day. You shouldn’t fear it though, as you can protect your accounts in a few simple steps.

Emily Green

Emily Green

Nov 13, 2019 · 3 min read

facebook Facebook
twitter Twitter
Copy link Copy link
What is a brute force attack?

Brute force attack definition

In a brute force attack, a hacker uses a rapid trial and error approach to guess the correct password, PIN, or encryption keys. It can be used maliciously to gain access to any password-protected account or platform, decrypt data, or perform penetration testing to check an organization's network security.

It doesn’t require a lot of intellect or complex algorithms – it’s merely a guessing game. However, the attack does require some resources – time and computing power. The more complex the password, the more difficult it is to crack it. Let’s delve into that in more detail.

How brute force attacks are executed

Imagine that your password only contains two digits. That means there are 100 possible password combinations a hacker could try. They could enter these possibilities manually, which might be time consuming but not impossible. However, modern websites ask for more complex passwords – at least 8 characters long, including upper and lower cases. Such passwords have millions of possibilities, making it nearly impossible to randomly “guess” them.

This is why hackers employ specialized software that can try thousands of password combinations per second. If your password only contains a few characters, such software will guess it in a matter of seconds. But if you’ve chosen a random 16-character-long password, it might take years before the software hits the jackpot.

Related articles
News · 3 min read Hacker steals US military documents by exploiting weak passwords By Daniel Markuson · Jul 12, 2018
In Depth · 3 min read What is clickjacking: A simple explanation By Emily Green · Feb 12, 2020

Most websites nowadays also add extra security steps such as password hashing and encryption to protect your information. This means that your passwords are never saved in plain text. So even if they do leak, hackers will need to go through an astronomical number of attempts to guess the encryption key and get your password.

Types of brute force attacks

Hackers can also employ different types of brute force attacks.

  • Credential recycling

    • This type of attack requires previously gathered usernames and passwords. These can be obtained from previous brute force attacks, from breaches and leaks, or can simply be bought on the dark web. The hacker will then try to use them on different platforms. For example, if they get a hold of your Facebook login details, they might try to use them to get into your bank account. This is why it’s so important not to use the same password on multiple accounts!

  • Dictionary attack

    • In this type of attack, the hacker will try to use words from the dictionary. It’s very common for people to use names, cities, objects, etc. as their passwords. However, this makes it easier to guess them. Hackers might also add popular password and number combinations such as Password123 to such databases.

  • Reverse brute-force attack

    • This attack, as the name suggests, uses a reverse technique. A hacker takes one password, usually a popular one, and tries it on as many accounts as possible. In this case, the hacker isn’t targeting a particular individual but rather looking for an opportunity to break into a random account.

Can you protect yourself?

Your password security depends a lot on how website admins store it or how vulnerable they are to breaches and leaks. Web admins can also make a hacker's job more difficult by locking accounts after a certain number of failed attempts, encrypting passwords, reducing login attempt rates, or using salt hashing. Unfortunately, you cannot control the cybersecurity of the websites you use, but there are a few things you can do to protect your accounts.

  • Use 2-factor authentication. Without access to your device, a malicious actor won’t be able to get into your account.
  • Increase your password length and complexity by using both letters and numbers, as well as upper and lower case letters or even symbols. If you are not sure how to create strong passwords, use these tips, or visit the NordPass random password generator.
  • Change your passwords regularly.
  • Don’t reuse passwords on different accounts, as this will make you vulnerable to credential recycling attacks.
  • Keep your passwords safe by using a password manager such as NordPass. It will keep your passwords in an encrypted vault and will offer you extra features like autofill. You’ll no longer need to worry, or remember your passwords!
Also available in: Deutsch, English, 以及其他语言 .
facebook Facebook
twitter Twitter
Copy link Copy link
Emily Green
Emily Green success Verified author
Emily Green is a content writer who loves to investigate the latest Internet privacy and security news. She thrives on looking for solutions to problems and sharing her knowledge with NordVPN readers and customers.
Next article
Next read WannaCry — how does it work, and is it still alive? Paul Black · Feb 09, 2022

Trending articles

Trending article
News · 3 min read What is Log4Shell and what kind of damage can it do? Carlos Martinez · Feb 04, 2022
Trending article
工程 · 2 min read How we manage passwords using Ansible Alan Vezhbitskis · Jan 28, 2022
Trending article
How-To · 4 min read What is spyware and how can you protect yourself? Paul Black · Feb 14, 2022
Trending article
How-To · 3 min read WannaCry — how does it work, and is it still alive? Paul Black · Feb 09, 2022