Brute Force Attack

Definition

A brute force attack is an attempt to gain access by repeatedly trying many possible passwords or keys until the correct one is found. Brute force can target online logins, encrypted data, or password hashes, and it succeeds when passwords are weak, protections are missing, or attackers have enough time and computing power.

Examples

  • An attacker tries thousands of password combinations against a remote login portal until an account is successfully accessed.
  • A criminal cracks a stolen password hash offline by testing millions of guesses per second using a GPU.

Discover 🔎

A brute force attack is the simplest idea in authentication abuse: keep trying until something works. It is not clever, but it can be effective when passwords are weak or when defenses are poorly configured. Brute force is also important to understand because it comes in many forms. Sometimes it is noisy and easy to spot, and sometimes it is slow and careful to avoid detection.

Remember: Brute force is about volume of attempts. It succeeds when the number of guesses needed is small or when the attacker can keep guessing without being stopped.
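
An added example, not part of the original lesson: a small detector over constructed login log lines that flags both the noisy pattern and the slow, careful pattern described above. The log format, thresholds, user names and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def build_sample():
    """Constructed log lines; the 'time source user result' format is an assumption."""
    t0 = datetime(2024, 1, 1)
    lines = []
    for i in range(20):   # noisy source: 20 failures in 20 seconds
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} 203.0.113.5 admin FAIL")
    for i in range(48):   # slow source: one failure every 30 minutes
        lines.append(f"{(t0 + timedelta(minutes=30 * i)).isoformat()} 198.51.100.7 user{i % 3} FAIL")
    for i, result in enumerate(["FAIL", "FAIL", "OK"]):   # ordinary user mistyping
        lines.append(f"{(t0 + timedelta(seconds=5 * i)).isoformat()} 192.0.2.10 alice {result}")
    return lines

def parse(line):
    ts, src, user, result = line.split()
    return datetime.fromisoformat(ts), src, user, result == "FAIL"

def classify(lines, burst_span=timedelta(seconds=60), burst_min=10,
             slow_span=timedelta(hours=24), slow_min=30):
    """Return {source: 'burst' | 'slow'} for sources whose failures cross a threshold."""
    failures = defaultdict(deque)   # per-source failure times inside slow_span
    verdict = {}
    for ts, src, _user, failed in sorted(parse(l) for l in lines):
        if not failed:
            continue
        q = failures[src]
        q.append(ts)
        while q[0] < ts - slow_span:      # expire entries older than the long window
            q.popleft()
        in_burst = sum(1 for t in q if t >= ts - burst_span)
        if in_burst >= burst_min:          # many failures close together
            verdict[src] = "burst"
        elif len(q) >= slow_min and verdict.get(src) != "burst":
            verdict[src] = "slow"          # few per hour, but many per day
    return verdict

if __name__ == "__main__":
    for src, kind in classify(build_sample()).items():
        print(src, kind)
```

A short-window counter alone would miss the second source, which never produces more than one failure per minute; the long window is what catches it.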