What is Brute Force Attack? How to defend against it?
What is Brute Force Attack?
Brute force attack is one of the password guessing attacks wherein the attacker tries to get access to a server or website by constantly trying various combinations of usernames and passwords. It is a trial and error approach hoping to get correct combination of user credentials.
Let’s get practical:
Suppose you know username of a website is “admin”, now you just have to guess the password for a successful login. The password field nowadays contains at least 8 Alphanumeric characters.
Considering this how much time do you think it will take to crack this password?
There are 26 alphabets in English. Double them as password will contain both UPPER and lower cases, so we have 26+26 = 52 characters.
Now there are 10 numeric digits (i.e. 0-9).
Adding them: 52+10=62
So, there are total 62 possible characters for each character of password.
For 8-character-password, it will be (62)8 which will make 218,340,105,584,896 (i.e. 218 trillion) possible combinations.
If we attempt 218 trillion combinations at one try per second, it would take 218 trillion seconds or 3.6 trillion minutes. In other words, just around 7 million years would be required to crack the password with the final combination.
Now Suppose your computer tries 1000 combinations per second that will still take 7 thousand years.
If we increase the capacity of the computer and make it a supercomputer that attempts 1 billion combinations per second (ofcourse hypothetically) then it will just take 22 seconds to crack the password.
There you have it your correct password in 22 seconds. But wait, what if password contains special characters or is 10 characters long, then it will create 171.3 quintillion (1.71 x 1020) possibilities. Using a processor that tries 10.3 billion hashes per second, cracking the password would take approximately 526 years
You can check how long it will take to crack your password here : https://www.betterbuys.com/estimating-password-cracking-times/
Just enter your password and it will show you the time required to crack it.
How to defend against brute force attacks?
- Increase password length and complexity:The longer the password is the more difficult it is to crack. You should try to have a password which:
- Contains 12-16 characters.
- Contains atleast 1 Capital and 1 lower case character.
- Contains numbers and special characters.
- Implement 2 factor authentication:Two factor authentication ads an extra layer of security while signing in, so that even if your password is compromised no one will be able to sign in to your account except for you.
- Limit Sign in attempts:If you are a developer, you can limit the number of login attempts made on your site to prevent brute force attacks.
- Use Captcha:Captcha helps in verifying whether the attempts are made by human or a bot who is continuously trying login combinations.
Found it Interesting? Got Something to ask??
Feel free to comment it below.
Stay Secure ! Stay Happy !!
For more CyberSec Blogs :- CLICK HERE