What is Brute Force attack: How you can protect from it? — Security Master
Let’s imagine you are in a position where none of your guesses worked. All you have left is to try every possible combination of characters. When someone does this with malicious intent, it is what we call a Brute Force attack. It is considered one of the oldest forms of attack, and the notable thing about it is how straightforward it is to conduct. In this post we cover what brute force is, how it works, its different types and, finally, countermeasures against it.
What is Brute Force attack?
This is the most basic form of password-guessing attack. The idea is to recover the actual password by trying every possible combination of characters until the correct one is found. The goal is to obtain the correct password without infecting the target.
How does Brute Force attack work?
In theory it sounds straightforward, but nobody can try millions and millions of combinations by hand; it is simply not feasible for a human to sit and work through every possibility. Computers, however, can do it easily, and today’s tools are far more capable than you might imagine. There are plenty of tools that automate the whole process.
There are many different types of Brute Force attack. This article introduces the five most common ones.
- Dictionary attack: widely regarded as a subset of brute force, in which a list of dictionary words is used as the input instead of every possible combination of alphanumeric and special characters.
- Credential Stuffing: in this form of brute force, attackers gather usernames and passwords into a word list and try each username against every password until a valid username and its matching password are found.
- Password Spraying: this is the opposite of the basic form of brute force. Rather than many passwords against one account, the attacker builds a list of the most commonly used passwords on the internet and sprays those few known passwords across a long list of usernames to discover which accounts use them.
- Reverse brute force attacks: as the name implies, a reverse brute force attack reverses the strategy by starting with a known password. The attacker then searches through millions of usernames until a match is found. Many criminals start with leaked passwords that are available online from existing data breaches.
- Hybrid brute force attacks: a hybrid attack mixes dictionary and brute force methods. It is used to find composite passwords that combine common words with random characters; examples of such passwords are NewYork1993 or Spike1234.
As we said earlier, in theory this attack sounds very simple; in practice it is not. The main challenges an attacker faces are the time and computing resources needed to work through a massive list of candidate passwords, and the time and resources required for a successful attack grow exponentially with the length and complexity of the password.
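To make that exponential growth concrete, here is an added Python example (not from the original article) that estimates the worst-case number of guesses for a password two ways: a pure brute force over the full alphabet, and the hybrid dictionary-word-plus-suffix shortcut described in the list above, using the NewYork1993 example. The word list, its assumed size of 100,000 entries and the guessing rate of 10^9 per second are constructed assumptions.

```python
import re

# Constructed mini word list standing in for an attacker's dictionary;
# DICTIONARY_SIZE is the assumed size of the real list they would use.
DICTIONARY = {"newyork", "spike", "password", "welcome", "summer"}
DICTIONARY_SIZE = 100_000
CASE_VARIANTS = 3  # lower, Capitalised, UPPER: typical hybrid mangling of the word

# Character classes and how many symbols each one adds to the alphabet.
CHARSETS = [
    (re.compile(r"[a-z]"), 26),
    (re.compile(r"[A-Z]"), 26),
    (re.compile(r"[0-9]"), 10),
    (re.compile(r"[^A-Za-z0-9]"), 33),  # printable ASCII punctuation
]

def alphabet_size(text: str) -> int:
    """Alphabet a brute forcer must cover to produce every character in text."""
    return sum(size for pattern, size in CHARSETS if pattern.search(text))

def full_keyspace(password: str) -> int:
    """Worst-case guesses for pure brute force: alphabet ** length."""
    return alphabet_size(password) ** len(password)

def hybrid_keyspace(password: str):
    """Worst-case guesses for a hybrid attack (dictionary word + mangled suffix),
    or None when the password does not follow that pattern."""
    match = re.fullmatch(r"([A-Za-z]+)(.*)", password)
    if not match or match.group(1).lower() not in DICTIONARY:
        return None
    suffix = match.group(2)
    suffix_space = alphabet_size(suffix) ** len(suffix) if suffix else 1
    return DICTIONARY_SIZE * CASE_VARIANTS * suffix_space

def effective_guesses(password: str) -> int:
    """The attacker picks the cheaper strategy, so the smaller space is what counts."""
    full, hybrid = full_keyspace(password), hybrid_keyspace(password)
    return full if hybrid is None else min(full, hybrid)

def seconds_to_exhaust(guesses: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at an assumed offline guessing rate."""
    return guesses / guesses_per_second

if __name__ == "__main__":
    for pw in ("NewYork1993", "Spike1234", "xq9!Zr2#Lm"):
        n = effective_guesses(pw)
        print(f"{pw:12} {n:.3e} guesses, {seconds_to_exhaust(n, 1e9):.3e} s at 1e9/s")
```

The full-alphabet figure is what most online strength checkers report; the hybrid figure is why an eleven-character password built from a word plus digits is far weaker than its length suggests.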
Measures to counter Brute Force attack:
Countermeasures depend on where the attack is applied. The technique is used not only to crack account passwords but also to recover document encryption keys, and the difficulty depends on which of these the attacker targets.
Brute force works best against document encryption keys, where automated tools can run without restriction. Online account passwords are much harder to crack, because administrators have many options to counter the attack: they can enforce a time delay between two subsequent attempts, and they can cap the number of failed attempts at a small number, say 5 or 10. Beyond those measures, there are a few more things you can do that greatly reduce the likelihood of a successful attack.
- Use unique passwords.
- Use complex passwords that combine letters, numbers and special characters.
- Use passwords longer than ten characters.
- Change passwords periodically.
- Enable two-factor authentication.
- Use password generators.
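As an added example (not code from the original article), the following Python class implements the two server-side controls described above, a minimum interval between attempts and a lockout after a small number of failures, and also flags a source that tries many distinct usernames, which is the password-spraying pattern from earlier in the article. The class name, thresholds and sample addresses are assumptions.

```python
from collections import defaultdict, deque

class LoginGuard:
    """Throttle for an online login endpoint (assumed name, added example).
    min_interval: seconds required between two attempts on the same account.
    max_failures: failed attempts allowed before the account is locked.
    lockout: seconds the account stays locked after max_failures.
    spray_threshold / spray_window: distinct usernames one source may try
    inside the window before it is treated as password spraying."""

    def __init__(self, min_interval=2.0, max_failures=5, lockout=900,
                 spray_threshold=20, spray_window=600):
        self.min_interval = min_interval
        self.max_failures = max_failures
        self.lockout = lockout
        self.spray_threshold = spray_threshold
        self.spray_window = spray_window
        self.failures = defaultdict(int)      # account -> consecutive failures
        self.last_attempt = {}                # account -> time of last attempt
        self.locked_until = {}                # account -> time the lock expires
        self.source_log = defaultdict(deque)  # source -> deque of (time, username)

    def _spraying(self, source, username, now):
        """Record the attempt and report whether this source is spraying."""
        log = self.source_log[source]
        log.append((now, username))
        while log and now - log[0][0] > self.spray_window:
            log.popleft()  # forget attempts outside the window
        return len({name for _, name in log}) >= self.spray_threshold

    def attempt(self, username, source, password_ok, now):
        """Return 'locked', 'too_fast', 'spray', 'denied' or 'allowed'.
        The password itself is verified elsewhere; password_ok is that result."""
        if now < self.locked_until.get(username, 0):
            return "locked"
        if now - self.last_attempt.get(username, float("-inf")) < self.min_interval:
            return "too_fast"
        self.last_attempt[username] = now
        if self._spraying(source, username, now):
            return "spray"  # reject without revealing whether the password matched
        if password_ok:
            self.failures[username] = 0
            return "allowed"
        self.failures[username] += 1
        if self.failures[username] >= self.max_failures:
            self.locked_until[username] = now + self.lockout
            self.failures[username] = 0
            return "locked"
        return "denied"
```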
As a bonus tip, here is a place where you can test your password’s strength and see how likely a brute force attack against it is to succeed:
Check your password’s required time to brute force.
Thank you for reading this article. Please leave your comments below and let us know your feedback; this helps us bring you more such articles.
Originally published at https://thesecmaster.com on December 30, 2020.