Brute Force Attack


A brute force attack is a frequently used cryptographic method in which threat actors rely on computing power to guess potential passwords, combining information about the web service with information about the user account. The length and password requirements of an account service provider, plus a handful of details about a user, including the username, are all a hacker needs to get to work.

Password complexity and the level of user attention to protecting passwords directly impact how long a brute force attack can take. Users with lazy passwords are vulnerable to swift brute force attacks.

What is a Brute Force Attack?

Brute force attacks are a trial-and-error process in which hackers attempt to identify the password for a given user account and so gain unauthorized access. Using cheap, powerful computing resources, threat actors can test millions of possible passwords, drawing on basic personal details about the user such as name, address, and hometown, and on advanced processing methods for estimating credentials.

A screenshot of a successful brute force attack. Provided by Imperva.

Brute Force Attack Types

Credential Stuffing: Tests login forms by automated injection of breached credentials
Dictionary Attacks: Tests potential credentials against likely dictionary words
Rainbow Table Attacks: Hacks the password hash value to obtain authentication
Simple BFA: Uses a system but little outside logic beyond guessing
Hybrid BFA: Uses external logic for likely password followed by testing variations
Reverse BFA: Uses previously obtained data to target network of users
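
From the defender's side, these types leave different footprints in failed-login telemetry. The following is an added example, not part of the original article: it labels each noisy source as guessing against one account or spreading attempts across many accounts. The event format, thresholds, and label names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events: (timestamp_s, source_ip, username, outcome).
# IPs are from documentation ranges; none of this is real telemetry.
SAMPLE_EVENTS = (
    [(t, "192.0.2.10", "alice", "fail") for t in range(0, 12, 2)]
    + [(100 + i, "198.51.100.7", f"user{i}", "fail") for i in range(6)]
    + [(50, "203.0.113.5", "bob", "fail"), (300, "203.0.113.5", "bob", "fail"),
       (310, "203.0.113.5", "bob", "ok")]
)

def classify_sources(events, window=60, min_failures=5, spread=0.8):
    """Map source -> (label, failures, distinct_users) for noisy sources.

    Thresholds are assumed values for illustration, not tuned recommendations.
    """
    by_src = defaultdict(list)
    for ts, src, user, outcome in events:
        if outcome == "fail":
            by_src[src].append((ts, user))
    findings = {}
    for src, fails in by_src.items():
        fails.sort()
        best, start = [], 0
        for end in range(len(fails)):            # sliding time window
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = fails[start:end + 1]
        if len(best) < min_failures:
            continue                             # ordinary mistyped passwords
        users = {u for _, u in best}
        if len(users) == 1:
            label = "single-account"   # simple, dictionary or hybrid guessing
        elif len(users) >= spread * len(best):
            label = "many-accounts"    # credential stuffing or reverse BFA
        else:
            label = "mixed"
        findings[src] = (label, len(best), len(users))
    return findings
```

Grouping by source misses attempts distributed across many addresses, so the same window logic is usually also run grouped by username.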

Who is Vulnerable to Brute Force Attacks?

Vulnerability to brute force attacks depends on the protective measures taken by account service providers and account users, and on the sophistication of threat actors. Today, advanced threat actors are well-equipped with the social engineering skills to crack a user account, making additional security layers like multi-factor authentication (MFA) and biometric authentication crucial to enterprise services.

A graphic image from Cloudflare shows the estimated amount of time needed to hack passwords of certain lengths.

Account Service Providers: Password Requirements

Service providers, whose organization databases hold user account information, are directly involved in guarding against brute force attempts. For everything from email and banking to social media, CRM, and more, account service providers can enable password requirements that make brute force attacks exponentially more difficult.

In addition to the number of characters, standard additional password requirements include capital letters, special characters, and numbers. Account service providers can mandate MFA and password requirements or enhance back-end security with hash salting, account lockdowns, throttling, and increased encryption.
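
Three of the back-end measures named above (hash salting, throttling, and account lockdowns) can be combined in one login check. This is an added example, not code from the original article; the class name, delay values, lock duration, and PBKDF2 work factor are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000      # assumed PBKDF2 work factor; tune to your hardware
BASE_DELAY = 1.0          # assumed: seconds of delay after the first failure
LOCKOUT_SECONDS = 900     # assumed: lock duration once the limit is reached

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is made per user."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

class LoginGuard:
    """Per-account throttling and lockout in front of a salted hash check."""

    def __init__(self, max_failures=5):
        self.max_failures = max_failures
        self.users = {}   # username -> (salt, digest)
        self.state = {}   # username -> (failure_count, next_allowed_time)

    def register(self, username, password):
        self.users[username] = hash_password(password)

    def attempt(self, username, password, now):
        """Return 'ok', 'denied', 'throttled' or 'locked'; `now` is in seconds."""
        failures, next_allowed = self.state.get(username, (0, 0.0))
        if now < next_allowed:   # refuse without even checking the password
            return "locked" if failures >= self.max_failures else "throttled"
        # Unknown users get a dummy salt so they cost the same work to reject.
        salt, digest = self.users.get(username, (b"\0" * 16, b""))
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            self.state.pop(username, None)   # success resets the counter
            return "ok"
        failures += 1
        if failures >= self.max_failures:
            wait = LOCKOUT_SECONDS
        else:
            wait = BASE_DELAY * 2 ** (failures - 1)   # 1s, 2s, 4s, ...
        self.state[username] = (failures, now + wait)
        return "denied"
```

Per-account lockout can itself be used to lock legitimate users out, so it is normally paired with per-source limits and MFA rather than relied on alone.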

Account Users: Inadequate Digital Hygiene

When creating an account, choosing a strong password can be an incredibly consequential decision. Beyond meeting the account service providers’ credential requirements, users must be vigilant in setting complex passwords not easily guessed by a brute force attack. 

With the multitude of applications and online services used by personnel, password managers are increasingly essential for modern businesses to prevent password fatigue and avoid brute force attacks. The best password managers include 1Password, Bitwarden, Dashlane, Keeper, LastPass, NordPass, RoboForm, and Sticky Password.


Sam Ingalls
Sam Ingalls is an award-winning writer and researcher covering enterprise technology, cybersecurity, data centers, and IT trends, for eSecurity Planet, TechRepublic, ServerWatch, Webopedia, and Channel Insider.