BRUTE FORCE ATTACKS

Allan Ngetich
3 min read · Feb 26, 2021

Recently, a friend of mine received a notification on his phone that someone had tried to log in to his email account. Without realizing the implication, he ignored the email. Later on, he tried to access his PayPal account only to realize that his password had been changed and he had to do a password reset. When he was finally able to log in, he could not believe his eyes. His money had disappeared just like that. He followed up, only to realize that the money had been exchanged for Bitcoin, which is almost impossible to track. Later on, he realized that the attacker had brute-forced his password and was lucky to crack it within a few trials. This incident is a perfect example of a brute force attack.

What is a brute force attack?

A brute force attack uses trial and error to guess login info or encryption keys by attempting all the possible combinations until a match is found. It is like trying every key from a bunch of keys to open a lock until you get the right one.

Brute force attacks come in different forms. The most common brute force technique is the dictionary attack, where the attacker attempts the passwords in a dictionary of possible passwords. Another technique is the exhaustive search. In this case, the attacker uses software to try every possible combination. This method might take a very long time but will eventually break open the password.

The main aim of brute force attacks is to gain access to resources that would otherwise have been restricted. The target can be a password-protected page, an administrative account, or even physical access to a protected room.

Just like any other cyber-attack, brute force attacks pose numerous threats to the victim. A brute force attack like the one my friend experienced will lead to a financial loss. An attack on an administrative account can lead to sabotage. If the target is a physical room, a brute force attack might lead to theft.

How to prevent brute force attacks

Have you ever tried to register for some website only to be told that your password is weak and you have to choose another one? Well, it can be annoying to fill in the details again. But believe it or not, it is for your protection. A strong password makes it difficult or impossible to hack your account.

For a user, a strong password is the best defense against brute force attacks. Password strength is a measure of the effectiveness of a password against brute force attacks. The systems developer, on the other hand, can implement measures such as limiting password trials, implementing CAPTCHA, and using multi-factor authentication.
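One way a developer could limit password trials, shown as an added example that is not part of the original article: failed logins are counted per account in a sliding time window, and the account is locked for a while once the limit is reached. The names `LoginThrottle`, `attempt_login` and `demo`, the thresholds, and the sample attempts are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Limit failed password trials per account within a sliding time window."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures     # failures tolerated inside the window
        self.window = window                 # seconds over which failures are counted
        self.lockout = lockout               # seconds the account stays locked
        self._failures = defaultdict(deque)  # account -> timestamps of failures
        self._locked_until = {}              # account -> time the lock expires

    def is_allowed(self, account, now):
        """Return True if a login attempt may be checked at time `now`."""
        return now >= self._locked_until.get(account, 0)

    def record_failure(self, account, now):
        """Register a wrong password; lock the account once the limit is hit."""
        recent = self._failures[account]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                 # forget failures older than the window
        if len(recent) >= self.max_failures:
            self._locked_until[account] = now + self.lockout
            recent.clear()

    def record_success(self, account):
        """A correct login resets the failure history."""
        self._failures.pop(account, None)
        self._locked_until.pop(account, None)

def attempt_login(throttle, account, password_ok, now):
    """Return 'locked', 'ok' or 'denied' for one attempt (hypothetical flow)."""
    if not throttle.is_allowed(account, now):
        return "locked"                      # the password is not even checked
    if password_ok:
        throttle.record_success(account)
        return "ok"
    throttle.record_failure(account, now)
    return "denied"

def demo():
    """Constructed sample: six wrong guesses one second apart, then the right one."""
    t = LoginThrottle(max_failures=5, window=300, lockout=900)
    results = [attempt_login(t, "alice", False, now) for now in range(6)]
    results.append(attempt_login(t, "alice", True, 10))    # correct, but still locked
    results.append(attempt_login(t, "alice", True, 1000))  # lock has expired
    return results
```

A per-account lock also lets anyone who knows the username lock the real owner out, so it is usually combined with the other measures named above, CAPTCHA and multi-factor authentication.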

How to create a strong password

The first thing to keep in mind when creating a password is the length of the password. Always keep the password as long as possible. The password should contain at least one upper case letter, one lower case letter, and a number. To make it even stronger, you should include at least one special character.

Furthermore, avoid using guessable passwords such as your name, date of birth, or common passwords such as ‘password’ or ‘12345678’. Lastly, avoid reusing passwords, because if an attacker cracks a reused password, they will be able to access every account that shares it.

Allan Ngetich

I am a professional freelance writer, editor and proofreader. I specialize in emerging technologies and financial niches.