What is a Brute Force Attack?

In cryptography, a brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found.

What are the goals of a brute force attack?

The ultimate goal of a brute force attack is to steal passwords and login credentials to gain access to online accounts. The attack doesn’t stop once the attacker has access. They may use the accounts to send spam or phishing messages to other users, or make changes to websites to harm an organization. Attackers might also keep the login credentials in order to sell them to third parties.

What are some types of brute force attacks?

There are multiple ways for an attacker to carry out a brute force attack. One way is through a dictionary attack, which tries hundreds or thousands of words found in a dictionary as the password for someone’s account. As you can imagine, this method is getting a little outdated due to the amount of effort it might take.

Next is a reverse brute force attack, done by taking a common password like “1234” and trying to match it up with a list of usernames to gain access that way.

There is also credential stuffing. This is typically where stolen account credentials, usually consisting of lists of usernames and/or email addresses and the corresponding passwords, are used to gain unauthorized access to user accounts through large-scale automated login requests directed against a web application.

How to protect against a brute force attack

Difficult, lengthy passwords

An easy way to increase the security of your passwords is to increase the number of characters in them and make them a little more complex by adding numbers or allowed symbols.

Limit login attempts

Making sure your accounts allow only a limited number of login attempts can reduce the risk of password guessing. Once the number of failed login attempts reaches the maximum, no further attempts are allowed.
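
One way to implement such a limit, as an added example that is not part of the original page or any vendor's code. It counts failed logins per account and also per source address, so the reverse brute force case above (one password tried against many usernames) hits a limit as well. The class name, thresholds, 15-minute window and sample addresses are assumptions constructed for illustration.

```python
from collections import deque

class LoginThrottle:
    """Sliding-window cap on failed logins, per account and per source address."""
    def __init__(self, max_per_account=5, max_per_source=10, window=900):
        self.max_per_account = max_per_account
        self.max_per_source = max_per_source
        self.window = window  # seconds a failure counts against the limits
        self._by_account, self._by_source = {}, {}

    def _recent(self, table, key, now):
        # Count failures still inside the window; forget keys with none left.
        q = table.get(key)
        while q and now - q[0] >= self.window:
            q.popleft()
        if not q:
            table.pop(key, None)
        return len(q) if q else 0

    def allowed(self, username, source, now):
        """Call before verifying the password (now = time.time()); False = refuse."""
        if self._recent(self._by_account, username.lower(), now) >= self.max_per_account:
            return False
        return self._recent(self._by_source, source, now) < self.max_per_source

    def record_failure(self, username, source, now):
        self._by_account.setdefault(username.lower(), deque()).append(now)
        self._by_source.setdefault(source, deque()).append(now)

    def record_success(self, username):
        # A correct login resets the account counter but not the source counter.
        self._by_account.pop(username.lower(), None)

def replay(events, throttle):
    """Feed (time, user, source, password_ok) tuples; return one decision each."""
    decisions = []
    for now, user, source, password_ok in events:
        if not throttle.allowed(user, source, now):
            decisions.append("blocked")
        elif password_ok:
            throttle.record_success(user)
            decisions.append("ok")
        else:
            throttle.record_failure(user, source, now)
            decisions.append("fail")
    return decisions

# Constructed events: one source trying one password against many usernames.
SPRAY = [(i, f"user{i}", "198.51.100.7", False) for i in range(12)]
```

Because the account limit applies regardless of source, a locked account also refuses its legitimate owner until the window expires; keep the window short or pair the limit with MFA.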

Multi-factor authentication

The use of MFA on accounts can drastically decrease the risk of a brute force attack. Hardware security keys offer strong MFA because the credential secrets are stored securely on the hardware key and cannot be exfiltrated.