Brute force attacks

Brute force attack uses trial-and-error to guess login info, encryption keys, or find a hidden web page. Hackers work through all possible combinations hoping to guess correctly.

These attacks are done by ‘brute force’ meaning they use excessive forceful attempts to try and ‘force’ their way into your private accounts.

What do hackers gain from Brute Force Attacks?

Brute force attackers have to put in efforts to make these attacks pay off. Though technology does make it easier, but why would someone do this?

Attackers:

· Profit from ads or collecting activity data

· Steal personal data and valuables

· Spread malware to cause disruptions

· Hijack your system for malicious activity

· Ruin a website’s reputation

Types of Brute Force Attacks

Each brute force attack can use different methods to uncover your sensitive data. You might be exposed to any of the following popular brute force methods:

Simple brute force attacks: hackers attempt to logically guess your credentials — completely unassisted from software tools or other means. These can reveal extremely simple passwords and PINs. For example, a password that is set as “guest12345”.

Dictionary attacks: in a standard attack, a hacker chooses a target and runs possible passwords against that username. These are known as dictionary attacks. Dictionary attacks are the most basic tool in brute force attacks. While not necessarily being brute force attacks in themselves, these are often used as an important component for password cracking. Some hackers run through unabridged dictionaries and augment words with special characters and numerals or use special dictionaries of words, but this type of sequential attack is cumbersome.

Hybrid brute force attacks: these hackers blend outside means with their logical guesses to attempt a break-in. A hybrid attack usually mixes dictionary and brute force attacks. These attacks are used to figure out combo passwords that mix common words with random characters. A brute force attack example of this nature would include passwords such as NewYork1993 or Spike1234.

Reverse brute force attacks: just as the name implies, a reverse brute force attack reverses the attack strategy by starting with a known password. Then hackers search millions of usernames until they find a match. Many of these criminals start with leaked passwords that are available online from existing data breaches.

Credential stuffing: if a hacker has a username-password combo that works for one website, they’ll try it in tons of others as well. Since users have been known to reuse login info across many websites, they are the exclusive targets of an attack like this.

How Users Can Strengthen Passwords Against Brute Force Attacks?

As a user, you can do a lot to support your protection in the digital world. The best defense against password attacks is ensuring that your passwords are as strong as they can be.

Brute force attacks rely on time to crack your password. So, your goal is to make sure your password slows down these attacks as much as possible, because if it takes too long for the breach to be worthwhile… most hackers will give up and move on.

Here are a few ways you can strength passwords against brute attacks:

Longer passwords with varied character types. When possible, users should choose 10-character passwords that include symbols or numerals. Doing so creates 171.3 quintillion possibilities.

Elaborate passphrases. Not all sites accept such long passwords, which means you should choose complex passphrases rather than single words. Dictionary attacks are built specifically for single word phrases and make a breach nearly effortless. Passphrases — passwords composed of multiple words or segments — should be sprinkled with extra characters and special character types.

Create rules for building your passwords. The best passwords are those you can remember but won’t make sense to anyone else reading them. When taking the passphrase route, consider using truncated words, like replacing “wood” with “wd” to create a string that makes sense only to you. Other examples might include dropping vowels or using only the first two letters of each word.

Stay away from frequently used passwords. It's important to avoid the most common passwords and to change them frequently.

Use unique passwords for every site you use. To avoid being a victim of credential stuffing, you should never reuse a password. If you want to take your security up a notch, use a different username for every site as well. You can keep other accounts from getting compromised if one of yours is breached.

Use a password manager. Installing a password manager automates creating and keeping track of your online login info. These allow you to access all your accounts by first logging into the password manager. You can then create extremely long and complex passwords for all the sites you visit, store them safely, and you only have to remember the one primary password.