• What is a Brute Force Attack?

    In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.

    What are the goals of a brute force attack?

    The ultimate goal of a brute force attack is to steal passwords and login credentials to gain access to online accounts. It doesn’t stop once an attacker gains access. They may use the accounts to send out spam or phishing messages to other users. Another action might be making harmful changes to websites to damage an organization. Attackers might even keep login credentials in order to sell them to third parties.

    What are some types of brute force attacks?

    There are multiple ways for an attacker to carry out a brute force attack. One way is through a dictionary attack. The method used here is trying hundreds, or thousands, of words found in a dictionary as the password for someone’s account. As you can imagine, this method is getting a little outdated due to the amount of effort it might take.

    Next is a reverse brute force attack, done by taking a common password like “1234” and trying to match it up with a list of usernames to gain access that way.

    There is also credential stuffing. This is typically where stolen account credentials, usually consisting of lists of usernames and/or email addresses and the corresponding passwords, are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.

    How to protect against a brute force attack

    Difficult, lengthy passwords

    An easy way to increase the security of your passwords is to increase the number of characters and make them a little more complex by adding numbers or allowed symbols.

    Limit login attempts

    Making sure your accounts only allow limited login attempts can reduce the risk of password guessing. Once the number of failed login attempts reaches the maximum, no further attempts are allowed.
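
A sketch of a login attempt limit, added here as an example and not taken from any product: it counts failures per account and also per source address, because a per-account limit alone never triggers when one password is tried against a list of usernames (the reverse brute force case above). The names `LoginLimiter` and `attempt`, the thresholds and the 15-minute window are assumptions.

```python
import time

class LoginLimiter:
    """Sliding-window limit on failed logins, tracked per account and per source."""

    def __init__(self, max_per_account=5, max_per_source=20, window=900):
        self.max_per_account = max_per_account  # assumed thresholds, tune per service
        self.max_per_source = max_per_source
        self.window = window                    # seconds a failure counts for
        self._account = {}                      # username -> failure timestamps
        self._source = {}                       # source address -> failure timestamps

    def _count(self, table, key, now):
        # Drop failures older than the window, then count what is left.
        stamps = [t for t in table.get(key, []) if now - t < self.window]
        if stamps:
            table[key] = stamps
        else:
            table.pop(key, None)
        return len(stamps)

    def allowed(self, username, source, now=None):
        """Return False when either the account or the source has hit its limit."""
        now = time.time() if now is None else now
        user = username.strip().lower()
        if self._count(self._account, user, now) >= self.max_per_account:
            return False   # many passwords tried against one account
        if self._count(self._source, source, now) >= self.max_per_source:
            return False   # one source walking a list of usernames
        return True

    def record_failure(self, username, source, now=None):
        now = time.time() if now is None else now
        self._account.setdefault(username.strip().lower(), []).append(now)
        self._source.setdefault(source, []).append(now)

    def record_success(self, username):
        # Clear only the account counter; the source counter keeps running so a
        # single valid login cannot reset the limit for a guessing source.
        self._account.pop(username.strip().lower(), None)

def attempt(limiter, username, source, password_ok, now):
    """Gate one login: check the limiter before the password is even evaluated."""
    if not limiter.allowed(username, source, now):
        return "blocked"
    if password_ok:
        limiter.record_success(username)
        return "ok"
    limiter.record_failure(username, source, now)
    return "failed"
```

Because failures age out of the window, a locked account reopens on its own, which limits how long repeated failures can keep the legitimate owner locked out.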

    Multi-factor authentication

    The use of MFA on accounts can drastically decrease the risk of a brute force attack. Hardware security keys offer strong MFA because the credential secrets are stored securely on the hardware key and cannot be exfiltrated.
