A brute force attack is a method in which repeated, successive attempts are made to break a password or break into a website. In this approach, combinations of various passwords are used to gain access to a password-protected file or website. The attacker keeps submitting these combinations of passwords until the correct one is found. This approach is very time-consuming, as its success depends on matching the correct sequence of passphrases. Sometimes the sequence matches on the very first attempt, while it is also possible that none of the combinations match.
Also, the greater the length of the password, the more difficult it is to find the correct combination, as the number of possible combinations increases with the length.
Types of Brute Force attacks:-
Brute force attacks are commonly carried out with an automated tool or software, as it would not be possible to try every possible combination manually. The following are the types of brute force attack:
1) Credential Recycling - A form of brute force attack in which usernames and passwords from previous attacks are used.
2) Reverse Brute Force Attack - In this method the attacker tests a common password value against different usernames or encrypted files.
3) Dictionary Attack - Another type of brute force attack, in which all the words in a dictionary are used to guess the correct password.
Ways to prevent brute force attacks:-
1) Password Length - The longer the password, the harder it is to guess, as the number of possible combinations increases with each additional character. That is why many websites require their users to set a password of a certain length.
2) Password Complexity - Password complexity means using a combination of uppercase and lowercase letters, special symbols and numbers in the password. Complex passwords are harder to breach because they delay the cracking process.
3) Limit login attempts - This is another great way to keep hackers from accessing your website. After a number of unsuccessful attempts, the IP address should be blocked from further access to the website.
4) Modifying the .htaccess file - Add rules to the .htaccess file so that the admin area is accessible only from a particular IP address.
5) Using CAPTCHA - A CAPTCHA prevents bots from executing the scripts used in a brute force attack.
6) Two-Factor Authentication (2FA) - 2FA offers an extra layer of security for your website, as it requires two forms of authentication to access any account or website. One is your access password and the other is the OTP sent to the trusted device or email address that you added while enabling 2FA. The chances of executing a successful brute force attack on 2FA-protected sites are very thin.
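The login-attempt limit from point 3 above can be sketched in Python as follows. This is an added example, not code from the original article. The threshold (5 failures in 300 seconds), the 900-second block and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5      # assumed threshold; the article does not give a number
WINDOW = 300          # assumed: count failures over the last 300 seconds
BLOCK_FOR = 900       # assumed: how long a blocked IP stays blocked


class LoginLimiter:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.blocked_until = {}             # ip -> time the block ends

    def allowed(self, ip, now):
        """True if this IP may attempt a login at time `now`."""
        until = self.blocked_until.get(ip)
        if until is not None and now < until:
            return False
        self.blocked_until.pop(ip, None)    # block has expired
        return True

    def record_failure(self, ip, now):
        """Note a failed login; block the IP once the threshold is reached."""
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW:     # drop failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.blocked_until[ip] = now + BLOCK_FOR
            recent.clear()
        # A successful login deliberately does not reset the count, so an
        # attacker cannot clear it by logging in to an account they own.


def replay(events):
    """Run (time, ip, success) events; return the ones rejected as blocked."""
    limiter, rejected = LoginLimiter(), []
    for now, ip, success in events:
        if not limiter.allowed(ip, now):
            rejected.append((now, ip))      # refused before checking the password
        elif not success:
            limiter.record_failure(ip, now)
    return rejected


# Constructed sample events: (seconds, source IP, password was correct)
EVENTS = [(t, "203.0.113.7", False) for t in range(0, 70, 10)]   # 7 rapid failures
EVENTS += [(5, "198.51.100.4", False), (15, "198.51.100.4", True)]
EVENTS += [(1000, "203.0.113.7", False)]                          # after block ends
EVENTS.sort()
```

Calling replay(EVENTS) returns the two attempts from 203.0.113.7 that arrive after its fifth failure. The user at 198.51.100.4, who mistyped once, is never blocked.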