Mask attacks are similar to brute-force attack but the exception being some characters or passphrases are known.While in case of brute force attack each and every possible combination of passphrases are tried unless succeed whereas in case of mask attack the attack is more precise based on known information.
for example- If it is known to you that the last 3 characters of a password are alphabets then you can set your mask attack for checking passwords which ends with alphabets and will pass all those combinations ending wiht numbers or any special characters.
Success Rate of mask attack are more as compared to brute force attack as based on known information the total length of password decreases so does the number of combination
How to Prevent Mask Attack?
1) Don’t share Password- Don’t share your password to unknown person or anyone else.
2) Update your password- Update your password at regular interval of time.
3) Password length-Keep your passwords as lengthy as possible because thought the attacker is aware of few characters but still he has to figure out all remaining combination of passphrases.
4) Password Complexity– By password complexity it means password should be combination of uppercase, lowercase,numbers and special characters.
5) Limit login attempts-Limit the number of unsuccessful attempts and block the user address on attempt limit exceed