Brute Force

Authentication & Authorization 🔐 • Threats ⚠️ • Sec+ Glossary 📖 • Security+ 02 • Difficulty: free

What is Brute Force?

A brute force attack is an attempt to gain access by systematically trying many possible passwords, keys, or combinations until the correct one is found.

Examples

An attacker repeatedly submits password guesses against a login page until one works.
A stolen encrypted file is targeted with a brute force process that tries large numbers of possible decryption keys.

Discover 🔎

Some attacks rely on deception, malware, or stolen credentials. A brute force attack relies on persistence and volume. The attacker keeps trying possible answers until the right one is found.

That makes brute force one of the simplest attack ideas in security. It does not depend on a clever story or a hidden exploit. It depends on the fact that if a secret is weak enough, short enough, or poorly protected enough, repeated guessing may eventually succeed.

Remember: Brute force is not about tricking the system. It is about exhausting possibilities until the correct value is discovered.

Summary 📝

A brute force attack is a direct, systematic attempt to discover a password, key, or other secret by repeated guessing. Its success depends on the strength of the secret and how much room the attacker has to keep trying. Strong passwords, secure storage, rate limiting, and MFA are all important because they either enlarge the guessing problem or reduce the attacker’s ability to keep testing guesses.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.