Cybersecurity
Brute-Force Attack
Definition
A brute-force attack is a trial-and-error method in which automated software attempts to recover a secret, such as a password or a Data Encryption Standard (DES) key, by generating and testing a large number of successive guesses until the correct value is found.
Why It Matters
Brute-force attacks are a common method for cracking weak passwords. The longer and more complex a password is, the more resistant it is to a brute-force attack.
Contextual Example
An attacker attempts to log into a user's account by systematically trying every word in a dictionary as the password, and then every combination of letters and numbers, until one succeeds. This is a brute-force attack.
Common Misunderstandings
- Defenses against brute-force attacks include using long, complex passwords, implementing multi-factor authentication, and account lockout policies (e.g., locking an account after 5 failed login attempts).
- Credential stuffing is a related attack where attackers use lists of previously breached usernames and passwords to try to log into other services.