Brute-force attack

What is a brute-force attack?

A brute-force attack is a method in which an attacker attempts to guess a password, encryption key or other form of access control by trying every possible combination. This method does not require any specific vulnerabilities in the system. Instead, the attacker systematically tries every possible combination of characters until the correct value is found. The duration of a brute-force attack depends heavily on the length and complexity of the password, as well as the attacker’s computing power.

Types of brute-force attacks

There are various types of brute-force attacks:

  • Simple brute-force attack: All possible character combinations are tested without following a specific strategy. Depending on the password’s length and complexity, this can take a very long time.
  • Dictionary attack: The attacker uses a list of commonly used passwords (e.g. ‘123456’, ‘password’) and tests these against the target.
  • Hybrid brute-force attack: A combination of a dictionary and brute-force attack. Common passwords are combined with numbers or special characters to test variations.
  • Reverse brute-force attack: Instead of guessing a password, a common password is tested against many usernames to find out which user is using it.
  • Credential stuffing: The use of stolen login credentials (username + password) from data breaches to log in to other systems or websites.
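
From the defender's side, these types leave different traces in authentication logs. The following added example (not part of the original glossary entry) separates repeated failures against one account from failures spread across many accounts; the event format, thresholds and label names are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

T0 = datetime(2024, 1, 1, 9, 0, 0)

def ev(sec, ip, user, ok=False):
    """Build one constructed login event: (timestamp, source IP, username, success)."""
    return (T0 + timedelta(seconds=sec), ip, user, ok)

# Constructed sample data (documentation IP ranges, invented usernames).
EVENTS = (
    [ev(i * 2, "203.0.113.10", "alice") for i in range(6)]
    + [ev(i * 3, "198.51.100.7", u)
       for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    + [ev(0, "192.0.2.44", "bob"), ev(40, "192.0.2.44", "bob", ok=True)]
)

def classify_failures(events, window=timedelta(minutes=5),
                      per_account=5, distinct_accounts=4):
    """Map each source IP to the failed-login patterns seen inside one window."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            by_ip[ip].append((ts, user))
    findings = {}
    for ip, fails in by_ip.items():
        fails.sort()
        labels, start = set(), 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            counts = Counter(user for _, user in fails[start:end + 1])
            if max(counts.values()) >= per_account:
                # Simple, dictionary or hybrid guessing against one account.
                labels.add("single-account guessing")
            if len(counts) >= distinct_accounts:
                # Reverse brute force or credential stuffing across accounts.
                labels.add("many-account attempts")
        if labels:
            findings[ip] = labels
    return findings

if __name__ == "__main__":
    for ip, labels in classify_failures(EVENTS).items():
        print(ip, sorted(labels))
```

Reverse brute force and credential stuffing cannot be told apart from these fields alone, because the log does not (and should not) record the submitted passwords.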
     

Protection against brute-force attacks

There are simple and complex measures to protect against brute-force attacks:

  • Strong passwords: Use complex, long passwords that contain a mix of upper- and lower-case letters, numbers and special characters. A minimum of 12 characters is recommended.
  • Multi-factor authentication (MFA): In addition to the password, a second level of security is introduced, e.g. a one-time code from an app or via text message.
  • Account lockout after multiple failed attempts: Locking accounts or delaying further attempts after a set number of failed logins.
  • Captcha: Captchas (e.g. ‘I am not a robot’) block automated login attempts, for example by requiring a challenge after a certain number of failed attempts.
  • Password manager: A password manager creates and stores complex and unique passwords for each account without the user having to remember them.
  • Encryption and salting: Storing passwords in an encrypted form, with ‘salt’ (random data) added to make it more difficult to access passwords in the event of a potential data breach.
  • IP address blocking: IP addresses that make multiple failed login attempts within a short period of time are blocked to prevent brute-force attacks.
  • Hashing algorithms: Use computationally intensive, secure hashing algorithms (e.g. bcrypt or Argon2) to store passwords securely, making brute-force attacks take much longer.
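
Two of these measures, salted storage with a computationally intensive hash and temporary account lockout, combined in one added example (not part of the original glossary entry). It uses scrypt from the Python standard library in place of the bcrypt or Argon2 named above; the `LoginGuard` class, its method names and its thresholds are hypothetical.

```python
import hashlib
import hmac
import os
import time

# Work factor: every guess costs about 16 MiB of memory and noticeable CPU time.
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = salt or os.urandom(16)
    return salt, hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)

class LoginGuard:
    """Hypothetical in-memory login check with per-account temporary lockout."""

    def __init__(self, max_failures=5, lock_seconds=300, clock=time.monotonic):
        self.max_failures, self.lock_seconds, self.clock = max_failures, lock_seconds, clock
        self.users = {}      # username -> (salt, digest); the password is never stored
        self.failures = {}   # username -> (failure count, locked-until time)
        self.dummy = hash_password("placeholder")  # hashed for unknown usernames

    def register(self, user, password):
        self.users[user] = hash_password(password)

    def login(self, user, password):
        now = self.clock()
        count, locked_until = self.failures.get(user, (0, 0.0))
        if now < locked_until:
            return "locked"              # rejected before any hashing is done
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored = self.users.get(user, self.dummy)
        _, candidate = hash_password(password, salt)
        if user in self.users and hmac.compare_digest(candidate, stored):
            self.failures.pop(user, None)
            return "ok"
        count += 1
        locked_until = now + self.lock_seconds if count >= self.max_failures else 0.0
        self.failures[user] = (count, locked_until)
        return "denied"

if __name__ == "__main__":
    guard = LoginGuard(max_failures=3, lock_seconds=60)
    guard.register("alice", "correct horse battery staple")
    print([guard.login("alice", "guess%d" % i) for i in range(4)])
```

A lock keyed on the username alone lets anyone lock out a legitimate user, which is why the lock here is temporary rather than permanent.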

 

Conclusion

Brute-force attacks are a simple yet effective method for hackers to gain access to systems. However, they can be thwarted with a variety of protective measures. The use of strong passwords, multi-factor authentication and additional security features such as Captchas and account locks are essential steps to enhance security and prevent brute-force attacks.

 

 
