Overview
In a brute force attack, automated software generates a large number of consecutive guesses at the value of the desired data. It is a simple but often effective method, especially against weak passwords.
Variations
- Simple Brute Force: Trying every possible combination of characters.
- Credential Stuffing: Using lists of compromised usernames and passwords from other breaches.
- Reverse Brute Force: Trying a common password against many different usernames.
Prevention
- Strong Password Policies: Requiring long, complex passwords.
- Account Lockout: Temporarily disabling an account after a certain number of failed attempts.
- Multi-Factor Authentication (MFA): The most effective defense.
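
The following added example (not part of the original page) shows why per-account lockout catches simple brute force but misses reverse brute force, and how a second counter keyed on the source address covers that gap. The thresholds, window size, function name and sample events are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

LOCKOUT_THRESHOLD = 5      # assumed: failures per account before lockout
SPRAY_THRESHOLD = 4        # assumed: distinct usernames per source before alert
WINDOW_SECONDS = 300       # assumed: sliding window for both counters


def analyze_failures(events):
    """events: iterable of (epoch_seconds, source_ip, username) failed logins,
    sorted by time. Returns (locked_accounts, spraying_sources)."""
    per_account = defaultdict(deque)   # username -> timestamps of failures
    per_source = defaultdict(deque)    # source_ip -> (timestamp, username)
    locked, spraying = set(), set()

    for ts, ip, user in events:
        # Account lockout: count recent failures against this username.
        acct = per_account[user]
        acct.append(ts)
        while acct and ts - acct[0] > WINDOW_SECONDS:
            acct.popleft()
        if len(acct) >= LOCKOUT_THRESHOLD:
            locked.add(user)

        # Reverse brute force: count distinct usernames tried by this source.
        src = per_source[ip]
        src.append((ts, user))
        while src and ts - src[0][0] > WINDOW_SECONDS:
            src.popleft()
        if len({u for _, u in src}) >= SPRAY_THRESHOLD:
            spraying.add(ip)

    return locked, spraying


# Constructed sample data (documentation-range IPs, made-up usernames).
SAMPLE_EVENTS = (
    # Many guesses against one account: trips the lockout counter.
    [(1000 + i * 10, "198.51.100.7", "alice") for i in range(6)]
    # One guess per account across many accounts: never trips lockout.
    + [(2000 + i * 5, "203.0.113.9", name)
       for i, name in enumerate(["bob", "carol", "dave", "erin", "frank"])]
    # Single failure by one user: trips neither counter.
    + [(3000, "192.0.2.44", "grace")]
)

if __name__ == "__main__":
    locked, spraying = analyze_failures(SAMPLE_EVENTS)
    print("locked accounts:", sorted(locked))
    print("spraying sources:", sorted(spraying))
```
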