What is a Brute Force Attack?
You may have heard the term “brute force” when looking for information on hacking, but you may not understand what it means. It’s a common term that is often used in the security world. Basically, the attacker submits many passwords either through a dictionary(password list) or auto-generated passphrases until the computer guesses the correct combination, like trying out all the possible combinations on a safe.
This attack requires minimal effort on the attacker’s part since modern computers can crack an eight-alphanumeric complex password in less than two hours. It can even take less time if your password is found in a recycled dictionary (credentials got from another breach). The most known password dictionary is rockyou which contains 14,341,564 passwords to date.
Brute Force attacks can be very problematic because once an attacker is in, it is tough to catch them, so most people try to protect their websites before the attack happens or detect and neutralize the attacker while the attack is happening.
How to protect yourself?
Protecting your website and credentials against Brute Force attacks isn’t hard. You just need to know the best practices:
Use Complex Passwords:
Using complex passwords makes it much harder for a computer to crack your password. Always make sure to include special characters such @,_ and !. You can always use cPanel included password generator to generate strong and complex passwords for you.
Increase Password Length:
Just using a complex password won’t completely protect you. As we mentioned above, a modern computer can crack eight-alphanumeric complex passwords in about two hours, so make sure to increase the length of your password.
Limit Login Attempts:
Limiting login attempts on your website will make it almost impossible for your password to be cracked, so if you can enable it on your website dashboard, you should.
Use Two-Factor Authentication:
Two-factor authentication adds a second security layer to your credentials by sending an OTP (one time) passcode to your phone number or email so that even if your password is compromised, the attacker won’t be able to access the app unless they get the OTP code.
Implementing captcha on your website is a great way to make sure that whoever is trying to access your website is a human, not a bot.
Brute force attacks can cause massive problems since they are very hard to notice if they are successful; however, preventing them is relatively easy if you follow the practices above. Never take your website or credentials security lightly, and always make sure that your website is secure as possible.