wisemonkeys logo
FeedNotificationProfileManage Forms
FeedNotificationSearchSign in
wisemonkeys logo

Blogs

What is Brute Force Attack? How to defend against it?

profile
Taha Chatriwala
Feb 07, 2019
0 Likes
0 Discussions
587 Reads

What is Brute Force Attack?

Brute force attack is one of the password guessing attacks wherein the attacker tries to get access to a server or website by constantly trying various combinations of usernames and passwords. It is a trial and error approach hoping to get correct combination of user credentials.

Let’s get practical:

Suppose you know username of a website is “admin”, now you just have to guess the password for a successful login.  The password field nowadays contains at least 8 Alphanumeric characters. Considering this how much time do you think it will take to crack this password? There are 26 alphabets in English. Double them as password will contain both UPPER and lower cases, so we have 26+26 = 52 characters. Now there are 10 numeric digits (i.e. 0-9). Adding them: 52+10=62 So, there are total 62 possible characters for each character of password. For 8-character-password, it will be (62)8 which will make 218,340,105,584,896 (i.e. 218 trillion) possible combinations. If we attempt 218 trillion combinations at one try per second, it would take 218 trillion seconds or 3.6 trillion minutes. In other words, just around 7 million years would be required to crack the password with the final combination. Now Suppose your computer tries 1000 combinations per second that will still take 7 thousand years. If we increase the capacity of the computer and make it a supercomputer that attempts 1 billion combinations per second (ofcourse hypothetically) then it will just take 22 seconds to crack the password. There you have it your correct password in 22 seconds. But wait, what if password contains special characters or is 10 characters long, then it will create 171.3 quintillion (1.71 x 1020) possibilities. Using a processor that tries 10.3 billion hashes per second, cracking the password would take approximately 526 years You can check how long it will take to crack your password here : https://www.betterbuys.com/estimating-password-cracking-times/ Just enter your password and it will show you the time required to crack it.  

How to defend against brute force attacks?

  • Increase password length and complexity:

    The longer the password is the more difficult it is to crack. You should try to have a password which:
    • Contains 12-16 characters.
    • Contains atleast 1 Capital and 1 lower case character.
    • Contains numbers and special characters.
  • Implement 2 factor authentication:

    Two factor authentication ads an extra layer of security while signing in, so that even if your password is compromised no one will be able to sign in to your account except for you.
  • Limit Sign in attempts:

    If you are a developer, you can limit the number of login attempts made on your site to prevent brute force attacks.
  • Use Captcha:

    Captcha helps in verifying whether the attempts are made by human or a bot who is continuously trying login combinations.
Found it Interesting? Got Something to ask?? Feel free to comment it below. Stay Secure ! Stay Happy !! For more CyberSec Blogs :- CLICK HERE

Comments ()


Sign in

Read Next

Caching windows

Blog banner

Subnet Masking

Blog banner

Process Description

Blog banner

Service design process in ITSM

Blog banner

Article on IT development trends

Blog banner

Internet of Things and cyber security

Blog banner

Paid Email

Blog banner

Deadlock and starvation

Blog banner

Virtual memory

Blog banner

Measuring IT Risk

Blog banner

IoT Architecture Based Security

Blog banner

Session Hijacking

Blog banner

Technological Advancement

Blog banner

Rock, Paper, Scissors Game in Common Lisp

Blog banner

Direct Memory Access

Blog banner

Cloud Technology and its Implications for Entrepreneurship

Blog banner

Operating system and overviews

Blog banner

Overcoming the bedtime brushing Battle with Dr. Roxanne Irani, Dentist in Maroubra

Blog banner

Analysis of Digital Evidence In Identity Theft Investigations

Blog banner

How the mobile IP is used in GSM architecture.

Blog banner

File system

Blog banner

Proton mail

Blog banner

BUSINESS MODELS OF E COMMERCE

Blog banner

Hubspot

Blog banner

BENIFITS OF YOGA

Blog banner

Boxing

Blog banner

Art and Culture of Rajasthan

Blog banner

NodeJs

Blog banner

The most common internet security threats

Blog banner

Mumbaicha Dabbawalla

Blog banner

Rules and Regulations of Networking: "Standards and Protocols" - Part 1

Blog banner

10 Interesting Facts about Attack on Titan

Blog banner

Fault Tolerance

Blog banner

Severe landslides continue to cause concern in Joshimath, Uttarakhand

Blog banner

Volatile Memory & Non-Volatile Memory Explained

Blog banner

AI and Cyber Security

Blog banner

Building Confidence in Children Through Daily Routines and Play

Blog banner

Disk Management

Blog banner

Big Data Architecture

Blog banner

Virus

Blog banner

Geographic Information Systems(By aditi Unnikrishnan)

Blog banner

Steganography

Blog banner