Brute-forcing is perhaps the most infamous form of password cracking. As the name suggests, it’s not particularly complex – it’s a trial-and-error method that is the cyber criminal’s equivalent of a medieval army’s battering ram. There are three main types:
Simple Brute Forcing: A hacker will pick a target, and then try lots of very basic, common passwords (e.g. Password123) in the hope the victim has used weak credentials.
Dictionary Attacks: While not considered a true brute-forcing technique, dictionary attacks still embody the trial-and-error spirit. In these attacks, hackers will try all the words in a dictionary (although this is often streamlined to common words and phrases), along with variants in which letters are replaced with numbers. This is a relatively cumbersome way to brute-force an account.
Reverse Brute Forcing: In reverse brute-forcing attacks, instead of trying lots of passwords against one username, the attacker will try a single password against lots of usernames, typically leaked online during a data breach.
As mentioned previously, there are now tools available that can automate much of the brute-forcing process, so hackers can try thousands of passwords in minutes.
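Seen from the defender's side, the difference between many passwords against one username and a single password against many usernames shows up in failed-login logs. The following is an added example, not part of the original article; the event format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them against real traffic.
WINDOW = timedelta(minutes=5)
MAX_FAILS_PER_USER = 5     # many passwords tried against one username
MAX_USERS_PER_SOURCE = 5   # one source failing against many usernames

def classify_failures(events):
    """events: iterable of (ISO timestamp, source IP, username) failed logins.
    Returns {source_ip: set of labels} for sources over a threshold in any WINDOW."""
    by_source = defaultdict(list)
    for ts, ip, user in events:
        by_source[ip].append((datetime.fromisoformat(ts), user))

    findings = defaultdict(set)
    for ip, rows in by_source.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Advance the left edge until the slice spans at most WINDOW.
            while rows[end][0] - rows[start][0] > WINDOW:
                start += 1
            per_user = defaultdict(int)
            for _, user in rows[start:end + 1]:
                per_user[user] += 1
            if max(per_user.values()) > MAX_FAILS_PER_USER:
                findings[ip].add("brute-force")
            if len(per_user) > MAX_USERS_PER_SOURCE:
                findings[ip].add("reverse-brute-force")
    return dict(findings)

def sample_events():
    """Constructed sample data (documentation IP ranges, made-up usernames)."""
    base = datetime(2024, 1, 1, 9, 0, 0)
    ev = []
    for i in range(8):    # 8 failures against one account in 70 seconds
        ev.append(((base + timedelta(seconds=10 * i)).isoformat(), "198.51.100.7", "alice"))
    for i in range(10):   # 1 failure against each of 10 accounts
        ev.append(((base + timedelta(seconds=15 * i)).isoformat(), "203.0.113.9", f"user{i}"))
    for i in range(2):    # a user mistyping a password twice
        ev.append(((base + timedelta(seconds=30 * i)).isoformat(), "192.0.2.4", "carol"))
    for i in range(6):    # 6 failures spread over 6 hours: outside any window
        ev.append(((base + timedelta(hours=i)).isoformat(), "192.0.2.50", "bob"))
    return ev

if __name__ == "__main__":
    for ip, labels in sorted(classify_failures(sample_events()).items()):
        print(ip, sorted(labels))
```

Grouping by source IP will miss attempts spread across many addresses, so the same counts are also worth keeping per username and across the whole login endpoint.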
