
How to Identify and Stop Brute Force Attacks

Brute force attacks are on the rise. Between 2017 and 2018, they grew by 400% and continue to increase each year. Brute force attacks are one of the simplest methods used to gain access to anything password protected.

Brute force attacks aren’t that sophisticated, but they are unquestionably dangerous. So everyone needs to learn how to identify brute force attacks and keep them from succeeding.

What is a Brute Force Attack?

In a brute force attack, hackers try combinations of usernames and passwords over and over again until they break in.

In the murky world of cybercrime, they program bots to magnify the power of these attacks. This allows them to make thousands of attempts per second.

You can try it out right now. Many networks use standard IDs like “admin” or “host.” You’re already halfway there.

Next comes guessing the password. If the password is a 4-digit code (like the ones on smartphones), each position can hold any of the ten digits from 0 to 9, which means there are 10,000 possibilities. You could then use a pen and paper to work through them and find the password.

If you do this by yourself, it might take you several hours to guess the password. But imagine if you had somebody help you. Then it would only take half as long.

Hackers do the same, except, of course, they use bots running on thousands or even millions of computers. That increases their guessing power. They can crack a 4-digit password consisting only of numbers in a matter of seconds.

Your Online Accounts Have More Digits (Hopefully)

Online accounts don’t use only numbers. They also use letters and special characters, and they can be case sensitive. And there’s usually a requirement in place by a platform to have at least 8 characters in your password.

When you do follow these rules, it makes passwords much more difficult to guess by a brute force attack. In the end, even an 8-character password would have 6.0956894e+15 (roughly six quadrillion) potential combinations.

Even with a computer that could guess 2 billion passwords per second, it would take more than a month to crack the password.
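The arithmetic behind these figures is worth seeing once. The block below is an added example, not code from the article: it computes the size of the keyspace and the worst-case time to exhaust it for the cases discussed here (a 4-digit PIN, and 8-, 5- and 12-character passwords at the article’s rate of 2 billion guesses per second). It assumes a 94-symbol alphabet (upper and lower case letters, digits and the printable special characters on a US keyboard), which is the assumption that reproduces the 6.0956894e+15 figure.

```python
"""Keyspace size and time-to-exhaust for brute force guessing.

Added example; assumes a 94-symbol printable alphabet for "letters,
digits and special characters" and a guess rate supplied by the caller.
"""

DIGITS_ONLY = 10       # a numeric PIN: 0-9
PRINTABLE_ASCII = 94   # printable ASCII without the space character

SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    if alphabet_size < 1 or length < 1:
        raise ValueError("alphabet size and length must be positive")
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst case: every password in the keyspace has to be tried.
    On average an attacker succeeds after about half of them."""
    return keyspace(alphabet_size, length) / guesses_per_second


def human_time(seconds: float) -> str:
    """Render a duration in the largest convenient unit."""
    units = [("years", SECONDS_PER_YEAR), ("days", 86400),
             ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3g} seconds"


def report(alphabet_size: int, length: int, guesses_per_second: float) -> str:
    n = keyspace(alphabet_size, length)
    worst = seconds_to_exhaust(alphabet_size, length, guesses_per_second)
    return (f"{length} symbols from a {alphabet_size}-symbol alphabet: "
            f"{n:.4e} passwords, worst case {human_time(worst)}, "
            f"average {human_time(worst / 2)} at {guesses_per_second:.0e} guesses/s")


if __name__ == "__main__":
    RATE = 2e9  # the article's "2 billion passwords per second"
    print(report(DIGITS_ONLY, 4, RATE))        # 10,000 PINs: gone in microseconds
    print(report(PRINTABLE_ASCII, 5, RATE))    # seconds
    print(report(PRINTABLE_ASCII, 8, RATE))    # about 35 days worst case
    print(report(PRINTABLE_ASCII, 12, RATE))   # millions of years
```

Two things the numbers show that the prose does not: the expected time is half the worst case, and each extra character multiplies the work by 94, so going from 8 to 12 characters buys roughly 78 million times more work rather than "50 percent more".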

But don’t start relaxing just yet. There’s one problem here. Few people use random passwords like “2&JrGa2z.”

A surprising number still use passwords on the 10,000 most common password list. You can bet hackers have this list and try every password on it as their first attempt. Then they move on to the 100,000 most common passwords, working their way down the list.

Enough people fall into these categories that hackers unlock a vast number of accounts this way.

Even if you don’t have a common password, hackers have other tools at their disposal. One of the biggest is social engineering. They’ll use clues from your social media and other linked accounts to start narrowing down the possibilities. Once they’ve got this, it’s only a matter of time before they’re in.

How Can I Protect Myself from Brute Force Attacks?

Brute force attacks are usually crimes of opportunity. Hackers prey on easy targets to gain access to their online accounts and personal/work networks.

You can prevent brute force attacks by increasing your password security. Start by following these steps:

1. Remove Common IDs

For any network you manage, you should remove standard IDs like “admin,” “guest,” and “host.” Disable them as soon as possible.

Instead, create a login ID with a unique name that holds the administrative privileges. If you have guest users, you can create single sign-on accounts for them to use each time they access your network.

Make sure to limit guest privileges to only what they need to use, such as the internet or office apps and nothing else.

2. Create Random and Lengthy Passwords

Use a password generator to create unique passwords that mix upper and lower case letters, special characters, and numbers.

Length is also vital. The longer, the better. A hacker can brute force a five-character password in an hour. Meanwhile, a twelve-character password could take 7.6 million years to break.

There are many password generators online, but your best bet is using a password manager. Not only does it generate your passwords, but it also encrypts them for safe storing. Premium password managers also enable multi-factor authentication, use biometric security like fingerprint ID, and take advantage of backup and sync. You’ll know your passwords stay secure and up-to-date across all your devices.
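If you are building the registration or password-change form rather than just choosing a password, the two defensive rules from this article (generate long random passwords, reject anything on the common-password lists) are straightforward to enforce. The following is an added example, not the article’s or any password manager’s code. It generates passwords with Python’s `secrets` module, which is designed for security-sensitive randomness, and checks candidate passwords against a minimum length, a character-class mix, and a denylist. The denylist here is a small constructed stand-in; in a real deployment you would load a published list such as the 10,000 or 100,000 most common passwords from a file.

```python
"""Random password generation and a policy check with a common-password denylist.

Added example. COMMON_PASSWORDS is a tiny constructed sample, not a real list.
"""
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed stand-in for the "10,000 most common passwords" list.
COMMON_PASSWORDS = {
    "123456", "password", "qwerty", "admin", "letmein",
    "welcome", "iloveyou", "abc123", "password1", "12345678",
}


def load_denylist(path: str) -> set:
    """Load a real common-password list (one password per line, lower-cased)."""
    with open(path, encoding="utf-8", errors="ignore") as fh:
        return {line.strip().lower() for line in fh if line.strip()}


def password_problems(password: str, min_length: int = 8, denylist=COMMON_PASSWORDS) -> list:
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.lower() in denylist:
        problems.append("appears on the common-password list")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    )
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")
    return problems


def generate_password(length: int = 16) -> str:
    """Generate a random password that satisfies password_problems()."""
    if length < 8:
        raise ValueError("refusing to generate a password shorter than 8 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # secrets.choice is uniform, so a retry loop keeps the result unbiased
        # while guaranteeing the class mix the policy demands.
        if not password_problems(candidate, min_length=length):
            return candidate


if __name__ == "__main__":
    for pw in ("password", "Passw0rd", "2&JrGa2z", generate_password()):
        verdict = password_problems(pw) or ["ok"]
        print(f"{pw!r}: {', '.join(verdict)}")
```

Note that the denylist comparison is done on the lower-cased password so that "Password" and "PASSWORD" are caught alongside "password"; a stricter check would also strip trailing digits before the lookup, since "password1" is the classic way people satisfy a "must contain a number" rule.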

3. Monitor and Limit Login Attempts

All online platforms from Facebook to Gmail now send notifications to you anytime someone attempts to log in. Be sure to enable these alerts.

You can also limit the number of attempts one can make. For example, if your WordPress site receives three failed login attempts, you can block the IP address to stop further attempts.
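The "three failed attempts, then block the source" rule is easy to state and easy to get wrong (counting forever instead of within a window, or blocking on the successful login that follows a typo). The block below is an added example, not WordPress code or any plugin’s: it runs the rule over a few constructed sshd-style log lines, counting failed logins per source address inside a sliding time window and reporting the moment each address crosses the threshold. The addresses are from the documentation ranges reserved for examples, and the log format is a simplified stand-in.

```python
"""Detect sources that exceed N failed logins within a time window.

Added example. SAMPLE_LOG is constructed; the format loosely follows sshd
but is not a real log.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2024-05-01T10:00:01 Failed password for invalid user admin from 203.0.113.5
2024-05-01T10:00:03 Failed password for invalid user admin from 203.0.113.5
2024-05-01T10:00:04 Failed password for root from 203.0.113.5
2024-05-01T10:00:05 Accepted password for alice from 198.51.100.7
2024-05-01T10:00:09 Failed password for alice from 198.51.100.7
2024-05-01T10:00:11 Accepted password for alice from 198.51.100.7
2024-05-01T10:30:00 Failed password for root from 203.0.113.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<status>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)$"
)


def parse_log(text: str):
    """Yield (timestamp, status, user, ip) for each line that matches the format."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # unparseable lines are skipped rather than crashing the monitor
            yield (datetime.fromisoformat(m["ts"]), m["status"], m["user"], m["ip"])


def find_offenders(text: str, threshold: int = 3, window: timedelta = timedelta(minutes=10)) -> dict:
    """Map each source IP to the first timestamp at which it reached
    `threshold` failed logins within any `window`-long period."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged = {}
    for ts, status, _user, ip in parse_log(text):
        if status != "Failed":
            continue  # a success does not count against the source
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # slide the window forward
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def failures_per_user(text: str) -> dict:
    """Count failed logins per target account; useful for spotting a
    password-spraying pattern across many accounts from many sources."""
    counts = defaultdict(int)
    for _ts, status, user, _ip in parse_log(text):
        if status == "Failed":
            counts[user] += 1
    return dict(counts)


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"block {ip}: reached threshold at {when.isoformat()}")
    print("failures per account:", failures_per_user(SAMPLE_LOG))
```

In the sample, 203.0.113.5 is flagged at its third failure; 198.51.100.7 has a single typo between two successful logins and is left alone. The per-user count is there because attackers who know about IP lockouts often spread attempts across many addresses, so a per-source rule on its own can miss them.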

4. Use Multi-Factor Authentication

Multi-factor authentication (MFA) creates another line of defense against brute force attacks. Sites that use MFA ask for a one-time PIN to log in. Enable it for all your accounts. It takes an extra second for you but reduces the efficacy of brute force attacks to nearly zero.


Put an End to Brute Force Attacks

Nowadays, there are many identification methods, and often you can skip using a password altogether. But it’s not the case for every platform, app, or device. So as long as you use passwords, don’t forget about brute force attacks. They’re getting more aggressive every day.

But you don’t have to be a victim of a brute force attack. Following these strategies will not only prevent brute force attacks but can also save you from other hacks.