Every day, there are announcements about how easy it is to be hacked and how much of your data may already be in the hands of cyber-criminals. Malware, ransomware, data breaches, viruses - we hear these words all the time, and they describe the kind of problems that make IT experts nervous.
One strategy for gaining access to your information has been growing in popularity: the brute force attack. What exactly is a brute force attack, and what can you do to stop one?
Brute Force Attacks
A brute force attack occurs when a hacker attempts to log into your account by trying every possible combination of a password.
Once they find out what your username is, all they need to do is guess your password to access your information. The hacker tries the first possible password; when that fails, they try the next one, and the next, and so on until they happen upon the correct password. This is incredibly time-consuming, but there are apps and programs that help hackers by automating the process.
The Math Behind the Attacks
Let's say you wanted to use a brute force attack to try and hack someone's ATM personal identification number (PIN). Most of these are four random digits, each from 0 to 9. That means a hacker who tried every combination (starting with 0000 and ending with 9999) would have to try ten thousand different PINs.
An email password usually has eight characters, not four, and it also includes letters and numbers. There are 26 lowercase letters, 26 capital letters, and 10 digits, for a total of 62 possible characters in each of the eight positions. That is 62 to the eighth power: over 200 trillion possible combinations, not counting special characters (such as !, @, and #) or longer passwords, either of which adds to the complexity.
Before you conclude that this would be impossible to crack with a brute force attack, you need to realize that a network of hackers working together could crack your password in less than a minute using automated password generators.
How to Protect Yourself from Brute Force Attacks
If you want to avoid being a victim of such an attack, then there are a few things that you can try.
- Creating the most complex password possible - There is no guarantee that this will make you completely safe, but it does help. If a password is too complex, hackers may move on to an easier target. A 12 to 16 character password is more secure still, and it should be a random mix of lowercase letters, capital letters, numbers, and special characters.
- Limiting login attempts - The simplest defense is to limit the number of login attempts allowed. If you set the limit to 3, you get three opportunities to enter the correct password, so if you mistype it once you still have two more chances. After the third failed attempt, the system locks the account until it is either verified by email or a time limit is reached. This means a hacker gets only three guesses before the alarm goes off and the account is locked.
- Enabling two-factor authentication - Another option is to enable two-factor authentication. Here the hackers may be able to brute-force your password, but after entering it they must also enter a code that is sent to your cellphone or generated by a third-party app. To hack your account, they would have to steal your password AND your physical cellphone. Some common two-factor authentication apps are Google Authenticator, 1Password (which also doubles as a secure password vault), LastPass Authenticator (iOS only), and Authy.
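As an added illustration (not code from the original article) of the login-attempt limit above and the keyspace arithmetic from the math section: a small Python limiter that locks an account after three failures until an assumed lockout window passes or the owner verifies by email, plus helpers that count the keyspace and the guesses the lockout leaves an attacker per day. The 15-minute window and the in-memory password table are assumptions for the demo.

```python
import hmac
import time
from dataclasses import dataclass

# Constructed demo: three failed logins lock the account until a time limit passes
# or the owner verifies by email, as the article describes.
MAX_ATTEMPTS = 3            # failures allowed before the lock engages
LOCKOUT_SECONDS = 15 * 60   # assumed window; the article gives no figure

@dataclass
class AccountState:
    failures: int = 0
    locked_until: float = 0.0   # epoch seconds; 0.0 means not locked

class LoginLimiter:
    def __init__(self, passwords, now=time.time):
        self._passwords = passwords  # user -> password (demo only; hash in real code)
        self._now = now              # injectable clock so tests can advance time
        self._state = {}

    def _get(self, user):
        return self._state.setdefault(user, AccountState())

    def is_locked(self, user):
        return self._now() < self._get(user).locked_until

    def attempt(self, user, password):
        st = self._get(user)
        if self.is_locked(user):
            return "locked"          # reject without even checking the password
        stored = self._passwords.get(user)
        if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
            st.failures = 0
            return "ok"
        st.failures += 1
        if st.failures >= MAX_ATTEMPTS:
            st.locked_until = self._now() + LOCKOUT_SECONDS
            st.failures = 0
            return "locked"          # the "alarm": log or alert here in practice
        return "denied"

    def verify_by_email(self, user):
        # The owner proved control of the mailbox, so the lock is cleared early.
        self._state[user] = AccountState()

def keyspace(alphabet_size, length):
    # Candidate passwords to try: 10**4 for a PIN, 62**8 for the email case above.
    return alphabet_size ** length

def online_guesses_per_day():
    # Guess budget the lockout leaves an attacker against one account per day.
    return MAX_ATTEMPTS * (24 * 3600 // LOCKOUT_SECONDS)
```

With this limit even the 10,000-PIN keyspace takes over a month of online guessing, which is why lockout matters more than raw keyspace size for online attacks.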
Keep Your Website Safe
Brute force attacks have been a problem for a long time, whether you knew it or not. With advances in security such as two-factor authentication, it is possible to block these hackers and stay one step ahead of them. Always make the security of your website a top priority - not just for you, but for your visitors and customers as well.