
    What is a Brute-Force Attack?

    A brute-force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). In a brute-force attack, automated software is used to generate a large number of consecutive guesses as to the value of the desired data. Brute-force attacks may be used by criminals to crack encrypted data, or by security analysts to test an organization’s network security. A brute-force attack is also known as brute-force cracking or simply brute force.

    One example of a brute-force attack is a dictionary attack, which tries every word in a word list. Other forms of brute-force attack try commonly used passwords or systematically enumerate combinations of letters and numbers.

    An attack of this nature can be time- and resource-consuming, hence the name “brute-force attack”: success usually depends on available computing power and the number of combinations tried rather than on an ingenious algorithm.

    The following measures can be used to defend against brute-force attacks:

    • Implementing multi-factor authentication (MFA)
    • Requiring users to create complex passwords
    • Limiting the number of times a user can unsuccessfully attempt to log in
    • Temporarily locking out users who exceed the specified maximum number of failed login attempts
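The last two measures above (capping failed attempts and temporarily locking the account) are illustrated below in an added example that is not from the original page. It is a hypothetical login front-end, written for this article: passwords are stored as salted PBKDF2 hashes, failed attempts are counted per username, and the account is locked for a fixed period once the limit is reached. The limits, lockout duration, user names and passwords are all constructed for the example, and the clock is injectable so the lockout expiry can be exercised without waiting.

```python
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import Optional

# Policy values are assumptions chosen for this example, not figures from the page.
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None):
    """Derive a salted PBKDF2-HMAC-SHA256 hash; returns (salt, digest)."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


@dataclass
class AccountState:
    failed_attempts: int = 0
    locked_until: float = 0.0   # clock timestamp; 0 means not locked


class LoginGuard:
    """Hypothetical login front-end (example code, not from the page) that counts
    failed attempts per account and temporarily locks the account at the limit."""

    def __init__(self, users, max_attempts=MAX_FAILED_ATTEMPTS,
                 lockout_seconds=LOCKOUT_SECONDS, clock=time.monotonic):
        self._users = users              # username -> (salt, digest)
        self._max_attempts = max_attempts
        self._lockout_seconds = lockout_seconds
        self._clock = clock              # injectable so tests can control time
        self._state = {}                 # username -> AccountState
        # Dummy record used for unknown usernames so response timing and lockout
        # behaviour do not reveal which usernames exist.
        self._dummy = hash_password(os.urandom(8).hex())

    def attempt(self, username: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'."""
        now = self._clock()
        state = self._state.setdefault(username, AccountState())
        if now < state.locked_until:
            return "locked"              # rejected even if the password is right
        salt, expected = self._users.get(username, self._dummy)
        _, actual = hash_password(password, salt)
        if username in self._users and hmac.compare_digest(actual, expected):
            state.failed_attempts = 0    # a successful login resets the counter
            return "ok"
        state.failed_attempts += 1
        if state.failed_attempts >= self._max_attempts:
            state.locked_until = now + self._lockout_seconds
            state.failed_attempts = 0
            return "locked"
        return "denied"


def demo():
    """Drive the guard with a constructed user store and a fake clock."""
    users = {"alice": hash_password("correct horse battery staple")}
    fake_time = [1000.0]
    guard = LoginGuard(users, max_attempts=3, lockout_seconds=60,
                       clock=lambda: fake_time[0])
    results = [guard.attempt("alice", f"guess{i}") for i in range(3)]
    # The third wrong guess triggers the lockout; the right password is then
    # refused until the lockout window has passed.
    results.append(guard.attempt("alice", "correct horse battery staple"))  # locked
    fake_time[0] += 61
    results.append(guard.attempt("alice", "correct horse battery staple"))  # ok
    return results  # ['denied', 'denied', 'locked', 'locked', 'ok']


if __name__ == "__main__":
    print(demo())
```

Two design points worth noting: the counter is keyed by username rather than by source address, so a distributed guessing campaign is still throttled, but the same property means a repeated wrong guess against a known username can keep that account locked, which is why a temporary rather than permanent lockout is used and why failed-attempt spikes should also be alerted on rather than silently absorbed. Unknown usernames go through the same hashing and counting path so that neither timing nor lockout behaviour distinguishes real accounts from nonexistent ones.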