# What is a Brute Force Attack?

Every day, it seems that there are frightening new announcements about how easy it is to be hacked and how much of your data may already be in the hands of cyber-criminals. Malware, ransomware, data breaches, Trojan viruses — all these terms have now become part of our vernacular; indeed, these are the kinds of computer problems that make IT experts start to sweat.

But there is a tactic that has been used for years and is only growing in strength and frequency — the brute force attack. What exactly is a brute force attack, and what can you do to prevent these from occurring? Let’s look and see what’s involved:

## What’s a Brute Force Attack?

Once they determine what your username is, they simply try the first possible password. When that fails, they try the next one and the next and so on until they happen to luck upon the correct password. This is incredibly time-consuming, but there are apps and programs that aid the hacker by automating the process.

## The Math Behind Brute Force Attacks

Let’s say you wanted to use a brute force attack to try and hack someone’s ATM personal identification number (PIN). Most of these are four random digits, each one being from 0 to 9. That means if a hacker were to randomly try all the combinations (starting with 0000 and ending with 9999), then they would wind up having to try ten thousand different PINs.

An email password usually has eight characters, not four, and it also includes letters and numbers. There are 26 lowercase letters, 26 capital letters, and 10 numbers for a total of 62 possible characters for each of the eight characters in a password. That is over 200 trillion possible combinations, not including special characters (such as !, @, and #) and longer passwords that can add to the complexity.

But before you think that this would be impossible to acquire with a brute force attack, you need to realize that a network of hackers working in unison could crack your password in less than a minute using random generators.

## How to Protect Yourself from Brute Force Attacks

If you want to avoid being a victim of such an attack, then there are a few things that you can try.

### Use the most complex password possible

This one is no guarantee against making you totally safe, but it helps. If a password is too complex, then the hackers may skip you over to an easier target. A twelve-to-sixteen character password is even more secure and it should be a random mix of lowercase letters, capital letters, numbers, and special characters.

### Limiting log-in attempts

The easiest solution to this problem is by limiting the number of log-in attempts you have each time. If you limit the number to three, then you get three opportunities to enter the correct password. That way, if you make a mistake when logging in, you still have two other chances. But after the third log-in attempt, the system will lock the account until it can either be verified or until a time limit is reached. This means that a hacker has only three chances to try to break in before the alarm goes off and the account is locked.

### Enabling two-factor verification

Another way to do this is to enable two-factor verification. In this case, the hackers may be able to use brute force to get your password. But when they enter it, they must also enter a code that is messaged to your cellphone. To hack this account, they would have to steal your password AND your physical cellphone…a difficult proposition.