Your IP: Unknown · Your Status: Unprotected Protected
Blog News

What is a brute force attack?

Nov 13, 2019 · 3 min read

What is a brute force attack?

“Brute force attack” may sound like a military term, but it’s not. It’s actually an old and not very sophisticated attack that hackers still successfully employ to this day. You shouldn’t fear it though, as you can protect your accounts in a few simple steps.

Brute force attack definition

In a brute force attack, a hacker uses a rapid trial and error approach to guess the correct password, PIN, or encryption keys. It can be used maliciously to gain access to any password-protected account or platform, decrypt data, or perform penetration testing to check an organization's network security.

It doesn’t require a lot of intellect or complex algorithms – it’s merely a guessing game. However, the attack does require some resources – time and computing power. The more complex the password, the more difficult it is to crack it. Let’s delve into that in more detail.

How brute force attacks are executed

Imagine that your password only contains two digits. That means there are 100 possible password combinations a hacker could try. They could enter these possibilities manually, which might be time consuming but not impossible. However, modern websites ask for more complex passwords – at least 8 characters long, including upper and lower cases. Such passwords have millions of possibilities, making it nearly impossible to randomly “guess” them.

This is why hackers employ specialized software that can try thousands of password combinations per second. If your password only contains a few characters, such software will guess it in a matter of seconds. But if you’ve chosen a random 16-character-long password, it might take years before the software hits the jackpot.

Most websites nowadays also add extra security steps such as password hashing and encryption to protect your information. This means that your passwords are never saved in plain text. So even if they do leak, hackers will need to go through an astronomical number of attempts to guess the encryption key and get your password.

Types of brute force attacks

Hackers can also employ different types of brute force attacks.

  • Credential recycling
  • This type of attack requires previously gathered usernames and passwords. These can be obtained from previous brute force attacks, from breaches and leaks, or can simply be bought on the dark web. The hacker will then try to use them on different platforms. For example, if they get a hold of your Facebook login details, they might try to use them to get into your bank account. This is why it’s so important not to use the same password on multiple accounts!

  • Dictionary attack
  • In this type of attack, the hacker will try to use words from the dictionary. It’s very common for people to use names, cities, objects, etc. as their passwords. However, this makes it easier to guess them. Hackers might also add popular password and number combinations such as Password123 to such databases.

  • Reverse brute-force attack
  • This attack, as the name suggests, uses a reverse technique. A hacker takes one password, usually a popular one, and tries it on as many accounts as possible. In this case, the hacker isn’t targeting a particular individual but rather looking for an opportunity to break into a random account.

Can you protect yourself?

Your password security depends a lot on how website admins store it or how vulnerable they are to breaches and leaks. Web admins can also make a hacker's job more difficult by locking accounts after a certain number of failed attempts, encrypting passwords, reducing login attempt rates, or using salt hashing. Unfortunately, you cannot control the cybersecurity of the websites you use, but there are a few things you can do to protect your accounts.

  • Use 2-factor authentication. Without access to your device, a malicious actor won’t be able to get into your account.
  • Increase your password length and complexity by using both letters and numbers, as well as upper and lower case letters or even symbols. If you are not sure how to create strong passwords, use these tips, or visit the NordPass random password generator.
  • Change your passwords regularly.
  • Don’t reuse passwords on different accounts, as this will make you vulnerable to credential recycling attacks.
  • Keep your passwords safe by using a password manager such as NordPass. It will keep your passwords in an encrypted vault and will offer you extra features like autofill. You’ll no longer need to worry, or remember your passwords!

For more cybersecurity tips, subscribe to our free monthly newsletter below!


Emily Green
Emily Green successVerified author

Emily Green is a content writer who loves to investigate the latest internet privacy and security news. She thrives on looking for solutions to problems and sharing her knowledge with NordVPN readers and customers.


Subscribe to NordVPN blog