Brute-force Attack
Definition
In a brute-force attack, an attacker systematically tries all possible combinations of passwords or keys until the correct one is found. This is one of the most direct methods of gaining access.
Brute-force attacks range from simple password guessing to optimised attacks that use word lists (dictionary attacks), in which commonly used passwords are tried first. Modern attacks use graphics processing units (GPUs) to process billions of combinations per second.
Effectiveness depends on password complexity and security measures such as account lockouts, MFA and rate limiting. Attackers also crack stolen password hashes offline, where lockouts and rate limiting do not apply.
Defence: strong password policies, MFA, CAPTCHAs, account lockout and monitoring of failed login attempts.
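Monitoring of failed login attempts, as listed above, can be implemented as a sliding-window counter per source address and per account. The following is an added example, not part of the original entry; the log format, the threshold of 5 failures and the 60-second window are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (assumed format): timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.9 alice FAIL
2024-05-01T10:00:05 203.0.113.9 alice FAIL
2024-05-01T10:00:09 198.51.100.4 bob FAIL
2024-05-01T10:00:11 203.0.113.9 alice FAIL
2024-05-01T10:00:15 203.0.113.9 alice FAIL
2024-05-01T10:00:20 203.0.113.9 alice FAIL
2024-05-01T10:00:24 203.0.113.9 alice OK
2024-05-01T10:05:00 198.51.100.4 bob FAIL
2024-05-01T10:05:30 198.51.100.4 bob OK
"""

def detect(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return alerts for failure bursts per source IP and per account."""
    recent = defaultdict(deque)   # (kind, value) -> timestamps of recent failures
    flagged = set()               # keys that already raised a burst alert
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue              # skip malformed lines instead of crashing
        ts = datetime.fromisoformat(parts[0])
        src, user, outcome = parts[1:]
        keys = [("source", src), ("account", user)]
        for key in keys:
            q = recent[key]
            while q and ts - q[0] > window:   # expire failures outside the window
                q.popleft()
            if not q:
                flagged.discard(key)          # burst is over once the window is empty
        if outcome == "FAIL":
            for key in keys:
                recent[key].append(ts)
                if len(recent[key]) >= threshold and key not in flagged:
                    flagged.add(key)
                    alerts.append((parts[0], "burst", key[0], key[1]))
        elif outcome == "OK" and any(k in flagged for k in keys):
            # A success right after a burst may mean a guess was correct.
            alerts.append((parts[0], "success_after_burst", "account", user))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The same per-account counter can drive account lockout, and the per-source counter can drive rate limiting.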