{"id":5334,"date":"2019-07-29T16:03:51","date_gmt":"2019-07-29T13:03:51","guid":{"rendered":"https:\/\/www.protectimus.com\/blog\/?p=5334"},"modified":"2023-11-06T21:27:51","modified_gmt":"2023-11-06T18:27:51","slug":"brute-force-attack","status":"publish","type":"post","link":"https:\/\/www.protectimus.com\/blog\/brute-force-attack\/","title":{"rendered":"How Does a Brute Force Attack Work"},"content":{"rendered":"\n<p>A brute force attack is one of the oldest hacking methods, yet still one of the most popular and most successful ones. With computers and technologies evolving as fast as they are, brute force attacks are now fairly easy to run and more difficult to protect against.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Brute force attack definition<\/strong><\/h2>\n\n\n\n<p>So, what is brute force exactly? The brute force definition is simple: it is a type of <a href=\"https:\/\/searchsecurity.techtarget.com\/definition\/cryptanalysis\" target=\"_blank\" rel=\"noreferrer noopener nofollow\" aria-label=\" (opens in a new tab)\">cryptanalytic<\/a> attack that relies on simple trial and error, or guessing. In other words, a criminal gains access to a user\u2019s account by guessing the login credentials.<\/p>\n\n\n\n<p>Sometimes, brute force attacks are still done by hand, meaning that there\u2019s an actual person sitting in some basement and playing a guessing game with your credentials. 
But, more often than not these days, hackers use a brute force algorithm, or brute force password cracker, which is basically a bot that submits one username\/password combination after another and notifies the hacker when it gets in.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"426\" src=\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/07\/brute-force-atteck.jpg\" alt=\"Brute force attack\" class=\"wp-image-5342\" srcset=\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/07\/brute-force-atteck.jpg 640w, https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/07\/brute-force-atteck-300x200.jpg 300w, https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/07\/brute-force-atteck-610x406.jpg 610w, https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/07\/brute-force-atteck-321x214.jpg 321w, https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/07\/brute-force-atteck-140x94.jpg 140w\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What is a brute force attack, with examples<\/strong><\/h2>\n\n\n\n<p>Brute force has been around ever since coding was invented. Naturally, the public&#8217;s been informed about some high-profile attacks over the years. 
We can safely assume, though, that many past and ongoing break-ins never became public.<\/p>\n\n\n\n<p>The most well-known brute force examples are:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>the 2016 <a rel=\"noreferrer noopener nofollow\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.infosecurity-magazine.com\/news\/massive-bruteforce-attack-on\/\" target=\"_blank\">Alibaba attack<\/a>, when millions of accounts were affected;<\/li>\n\n\n\n<li>the 2018 Magento break-in, in which a thousand admin panels were compromised;<\/li>\n\n\n\n<li>another rather recent example occurred in Northern Ireland, where several <a rel=\"noreferrer noopener nofollow\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/www.hackread.com\/northern-irish-parliament-hit-by-brute-force-attack\/\" target=\"_blank\">accounts of parliament members were compromised<\/a>;<\/li>\n\n\n\n<li>and our favorite \u2014 in early 2018 it turned out that the Firefox <a href=\"https:\/\/palant.de\/2018\/03\/10\/master-password-in-firefox-or-thunderbird-do-not-bother\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\" aria-label=\" (opens in a new tab)\">master password is very easy to crack<\/a> with brute force, which means millions of user accounts might have been compromised over the years it\u2019s been widely used.<\/li>\n<\/ul>\n\n\n\n<p>So, how does a brute force attack work exactly? 
As we\u2019ve already established, brute force hacking means that someone is trying numerous combinations of username and password, again and again, and again, until they gain the desired access.<\/p>\n\n\n\n<p>So let\u2019s say a username is as simple as \u201cadmin\u201d and doesn\u2019t take too much effort to guess (we bet that\u2019s the first one any hacker tries).<\/p>\n\n\n\n<p>The password is a whole other story. Usually, a password must be at least 8 alphanumeric characters. If the password is lowercase and letters only (which it rarely is), there are 26 possibilities for each character. Most passwords are case-sensitive, which doubles that to 52 possibilities per character. Add 10 digits and, for example, 5 special characters, and you get 67 possibilities per character, so 67 to the 8th power, roughly 406 trillion combinations for the whole 8-character alphanumeric password.<\/p>\n\n\n\n<p><span style=\"color: #ff0000;\">| Read also:<\/span> <a href=\"https:\/\/www.protectimus.com\/blog\/how-to-choose-and-use-strong-passwords\/\">How to Choose and Use Strong Passwords<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How fast can a password be cracked<\/strong><\/h2>\n\n\n\n<p>How long does a brute force attack take? We have 406 trillion combinations. Seems like it will take centuries to crack, right? The answer is yes, if the bot attempts a thousand combinations per second. But technology evolves, remember?<\/p>\n\n\n\n<p>So, taking that into consideration, how fast can a random password be cracked? There are computers that can do a hundred billion guesses per second and get the correct password in a few hours. 
There are even <a href=\"https:\/\/en.wikipedia.org\/wiki\/Supercomputer\" target=\"_blank\" rel=\"noreferrer noopener nofollow\" aria-label=\" (opens in a new tab)\">supercomputers<\/a> that can do a hundred trillion guesses per second; they would need only a couple of minutes to find the correct combination. And that is the worst case, in which the correct combination is the last one tried; it might just as well be the 10th, or even the 110th, in the row.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"738\" height=\"738\" src=\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/07\/brute-force-attack-popular-passwords.png\" alt=\"Brute force attack - dictionary attack\" class=\"wp-image-5347\" srcset=\"https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/07\/brute-force-attack-popular-passwords.png 738w, https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/07\/brute-force-attack-popular-passwords-150x150.png 150w, https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/07\/brute-force-attack-popular-passwords-300x300.png 300w, https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/07\/brute-force-attack-popular-passwords-610x610.png 610w, https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/07\/brute-force-attack-popular-passwords-160x160.png 160w, https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/07\/brute-force-attack-popular-passwords-240x240.png 240w, https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/07\/brute-force-attack-popular-passwords-60x60.png 60w, https:\/\/www.protectimus.com\/blog\/wp-content\/uploads\/2019\/07\/brute-force-attack-popular-passwords-184x184.png 184w\" sizes=\"auto, (max-width: 738px) 100vw, 738px\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Brute force attack types<\/strong><\/h2>\n\n\n\n<p>Up to this point, we were assuming the hacker has to guess each and every character of the 
password. But that\u2019s not always the case.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Dictionary attacks<\/h3>\n\n\n\n<p>A dictionary attack means that a hacker has a list of commonly used passwords (a password dictionary) and simply tries them all until he finds the correct one. If your password is <a href=\"https:\/\/www.protectimus.com\/blog\/the-worst-passwords-of-2015\/\">\u201cpassword\u201d, \u201cqwerty\u201d or \u201c12345678\u201d<\/a>, we have bad news for you \u2014 it will be cracked in mere seconds.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Reverse brute force attacks<\/h3>\n\n\n\n<p>As the name suggests, this type of attack uses a reverse approach. A hacker tries multiple usernames against one common password, like the already mentioned \u201cpassword\u201d, until they find the correct combination.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Credential Stuffing (Credential recycling)<\/h3>\n\n\n\n<p>A lot of people use the same username-password combination for different accounts, for the sake of simplicity and to make sure they always remember the password. These people make the hackers\u2019 lives too easy, if you ask us. <a href=\"https:\/\/www.owasp.org\/index.php\/Credential_stuffing\" target=\"_blank\" rel=\"noreferrer noopener nofollow\" aria-label=\" (opens in a new tab)\">This type of brute force attack<\/a> works wonders if the attacker already has the credentials for one of the victim\u2019s accounts: all they have to do is try the same credentials on another service.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Exhaustive key search<\/h3>\n\n\n\n<p>We have described this type of attack in detail above. The attacker uses a computer to try every possible combination until the right one is found. 
Modern computers can complete the task in minutes.<\/p>\n\n\n\n<p><span style=\"color: #ff0000;\">| Read also:<\/span> <a href=\"https:\/\/www.protectimus.com\/blog\/ashley-madison-passwords\/\">The Most Popular Passwords of Ashley Madison Users \u2013 Overused, Predictable and Unreliable<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Brute force attack prevention<\/strong><\/h2>\n\n\n\n<p>It might seem like there\u2019s no way to protect your data from modern hackers and their supercomputers. But there are ways to do that, and they are rather simple.<\/p>\n\n\n\n<p>The first step of brute force protection is applying common sense. Just stop making it too easy for the hackers. If you are now asking yourself \u201cHow safe is my password?\u201d, we say: good question. Let\u2019s see. If your password is long, combines not only letters but also numbers and special symbols, is different for every account and does not use any info that can easily be found online (your mother\u2019s maiden name, the university you went to, the cat\u2019s name, etc.), you are on the safe side! Add to that <a href=\"https:\/\/www.protectimus.com\/blog\/how-does-2-factor-authentication-work\/\">2-factor authentication<\/a> whenever possible, and you can relax: cracking your account is close to impossible.<\/p>\n\n\n\n<p>If you own a service or website and want to apply brute force attack protection for your users, it\u2019s a good idea to add a couple of protective layers. Start with requiring longer and more complex passwords. Then turn on a lockout policy (lock an account after a certain number of consecutive failed login attempts). Another good idea is using a CAPTCHA; a bot cannot choose the picture with a cat, after all. 
Finally, offer <a href=\"https:\/\/www.protectimus.com\/solutions\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">two-factor authentication<\/a> to your users as brute force protection; better protection for accounts has not been invented yet.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Read more:<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/www.protectimus.com\/blog\/two-factor-authentication-types-and-methods\/\">The Pros and Cons of Different Two-Factor Authentication Types and Methods<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.protectimus.com\/blog\/mitm-prevention-and-detection\/\">Man In The Middle Attack Prevention And Detection<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.protectimus.com\/blog\/7-tips-from-phishing-scams\/\">Top 7 Tips How to Protect Yourself from Phishing Scams<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.protectimus.com\/blog\/social-engineering-why-it-works\/\">Social Engineering: What It Is and Why It Works<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.protectimus.com\/blog\/ransomware-to-pay-or-not-to-pay\/\">Ransomware \u2013 to Pay or Not to Pay<\/a><\/li>\n\n\n\n<li><a href=\"http:\/\/protectimus.com\/blog\/email-hacking-protection\/\">Email hacking protection<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.protectimus.com\/blog\/the-most-common-ways-of-credit-card-fraud\/\">The Most Common Ways of Credit Card Fraud<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>A brute force attack is one of the oldest hacking methods, yet still one of the most popular and most successful ones. With computers and technologies evolving as fast as they are, brute force attacks are now fairly easy to run and more difficult to protect against. Brute force attack definition So, what is brute force exactly? 
[&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":5353,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_uf_show_specific_survey":0,"_uf_disable_surveys":false,"footnotes":""},"categories":[15],"tags":[780,166,163],"class_list":["post-5334","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-rd","tag-brute-force","tag-hacking-attacks","tag-passwords"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/5334","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/comments?post=5334"}],"version-history":[{"count":22,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/5334\/revisions"}],"predecessor-version":[{"id":8634,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/posts\/5334\/revisions\/8634"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/media\/5353"}],"wp:attachment":[{"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/media?parent=5334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/categories?post=5334"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.protectimus.com\/blog\/wp-json\/wp\/v2\/tags?post=5334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}