What Is Brute Force Attack? How to Prevent Brute Force Attack? [MiniTool Wiki]
What Is a Brute Force Attack?
It is easy to understand what a brute force attack is. Let's take an example to make the definition clear. Suppose you are trying to access your friend's computer without his/her password. In this situation, what would you do? You would try every password that you think he/she might have set for the computer until you find the right one.
In that example, you act with your friend's approval. But let's change the actor. If the same attempts are made by strangers, hackers, or other hostile parties, they can be dangerous. We call these attempts a brute force attack.
Besides, you may think this process can only be completed by someone who knows you, but in fact an experienced hacker can deduce your password from clues on your social media and other online information.
This may seem like a very stressful and mentally taxing method of hacking, yet it can give easy access to the correct password in a matter of minutes.
Types of Brute Force Attacks
Although the above explanation may make a brute force attack seem easy, carrying one out requires some complicated tools and techniques.
There are some different types of Brute Force Attacks.
Simple Brute Force Attacks
If you are using very simple passwords and PINs, hackers can easily crack them with a simple brute force attack, attempting to logically guess your credentials without the help of other tools and means.
Dictionary Attacks
Just as the name implies, hackers guess usernames or passwords using a dictionary of possible strings or phrases. This is the most basic tool for brute force attacks, but this type of sequential attack is cumbersome.
Hybrid Brute Force Attacks
A hybrid attack usually mixes dictionary and simple brute force attacks. Attackers start with external logic to determine which password changes are most likely to succeed, and then try many possible changes using simple methods.
Reverse Brute Force Attacks
Hackers will start with a known password and search millions of usernames until they find a match. The target is a network of users whose data the attacker has previously obtained.
In practice, some passwords and usernames are used repeatedly across different systems; based on this, hackers try the passwords or usernames they already know on different sites.
Because users reuse login information on many sites, they are the only targets of this kind of attack.
Rainbow Table Attacks
A rainbow table is a precomputed table for inverting cryptographic hash functions. It can be used to guess the input to such a function (for example, a password) of a certain length consisting of a finite character set.
The Motives of a Brute Force Attack
Hackers have several motives for employing brute force attacks:
- Steal personal data and sell people’s privacy for profits.
- Spread malware to cause disruptions.
- Hijack people's systems for malicious activities.
- Put spam ads on a well-traveled site to make money.
- Reroute a website’s traffic to commissioned ad sites.
How to Prevent Brute Force Attack?
Brute force attacks mainly focus on cracking passwords and PINs. Therefore, to protect your organization from brute force password hacking, you need to enforce the use of strong passwords.
- Don't let information used in your passwords, such as your birthday or anniversary, appear on your social media.
- Don't use a password that is common and easily guessed, such as 123456; make your password or PIN a mix of enough numbers, letters, and symbols.
- Don't use the same password on all websites; use a different one for each user account.
- Avoid common patterns and have as many characters as possible.
- Use some tools to enforce your password security. Here are some recommendations:
Lockout policy – Account lockout policies are used by administrators to lock out an account when someone tries to log on unsuccessfully several times in a row.
Two-factor authentication – Two-factor authentication verifies your identity by using two of three factors: something you know (like a passcode), something you have (like a key), and something you are (like a fingerprint).
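The Python below is an added example, not code from the original article. It implements the lockout policy described above and adds a per-source count, because the reverse brute force attack described earlier tries each account only once and never reaches a per-account limit. The class name, thresholds, and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# All thresholds below are assumed values for illustration.
MAX_FAILURES = 5       # consecutive failures before an account is locked
LOCKOUT_SECONDS = 900  # how long the lock lasts
SPRAY_USERS = 4        # distinct accounts failed from one source
WINDOW_SECONDS = 600   # look-back window for the per-source check

class LoginGuard:
    def __init__(self):
        self.streak = defaultdict(int)      # username -> failures in a row
        self.locked_until = {}              # username -> unlock time
        self.by_source = defaultdict(list)  # source -> [(time, username)]
        self.flagged = set()                # sources already reported

    def record(self, now, user, source, success):
        """Process one login attempt and return any alerts it raises."""
        if self.locked_until.get(user, 0) > now:
            return [f"rejected: {user} is locked out"]  # even with the right password
        if success:
            self.streak[user] = 0  # "in a row": a success resets the count
            return []
        alerts = []
        self.streak[user] += 1
        if self.streak[user] >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            self.streak[user] = 0
            alerts.append(f"lockout: {user}")
        # Reverse brute force stays under the per-account limit, so also
        # count how many different accounts one source has failed against.
        recent = [(t, u) for t, u in self.by_source[source] if now - t <= WINDOW_SECONDS]
        recent.append((now, user))
        self.by_source[source] = recent
        if len({u for _, u in recent}) >= SPRAY_USERS and source not in self.flagged:
            self.flagged.add(source)
            alerts.append(f"many accounts from one source: {source}")
        return alerts

# Constructed sample events: (time in seconds, username, source IP, success)
EVENTS = (
    [(i, "alice", "203.0.113.5", False) for i in range(5)]  # one account, many guesses
    + [(10, "alice", "198.51.100.7", True)]                 # owner logs in while locked
    + [(20 + i, u, "203.0.113.9", False)                    # many accounts, one guess each
       for i, u in enumerate(["bob", "carol", "dave", "erin"])]
)

def replay(events):
    guard = LoginGuard()
    return [alert for event in events for alert in guard.record(*event)]
```

Calling replay(EVENTS) returns the alerts in order. The second one shows the cost of lockout: the legitimate owner is rejected until the lock expires.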
Protecting people's online privacy relies not only on legal protection but also on people's improved awareness of their own privacy protection. We need to work hand in hand to make our Internet world better.