
What types of brute force attacks are there

Types of brute force attacks

Although the goal is the same, the strategy can change. Brute force attacks come in different types and, depending on the circumstances, the attacker can use one variety or another. However, we can take protective measures against all of them.

Dictionary attack

This is one of the most widely used varieties of brute force attacks. As its name suggests, it relies on a dictionary of the many words that exist: the application in charge of guessing passwords tries all possible combinations of real words.

Many users, in order to make it easier to log into their accounts, use words that they can easily remember. This also includes first and last names. As a result, with a dictionary attack, and as long as those conditions are met, the time needed to crack a password decreases considerably.


Credential stuffing

In this case, the attackers are not trying to find a password or a username; what they want is to know where else they can use one, if possible. They rely on data leaks that occur on the Internet. For example, we may be registered on a forum with a username and password, and that data is leaked and exposed.

What they do is automate hundreds or thousands of logins on certain sites with those pairs of credentials. Many users use the same username and even the same password in more than one place: for example, on a social network and also for email, a video streaming platform or anywhere else.

Reverse brute force

In this variety of brute force attack, the attacker knows in advance what the password is. This generally happens through leaks on the Internet, for example when a service such as a social network or forum has had a problem: user passwords are exposed, but not the usernames they belong to.

What the attacker does is try thousands and thousands of possible usernames that may be linked to a certain password they have found. This is known as reverse brute force. The goal remains the same: to be able to access a user account.

Password spray

This is also known as password spraying. It is similar to reverse brute force. In this case, the attacker has a series of usernames and passwords that have been leaked. They simply have to try the different combinations one by one until they find the correct one.

Therefore, this form of brute force consists of combining the thousands of usernames with the thousands of passwords available. Once the attackers find the correct pair, they can enter the victim's user account and have full access.
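The attack types described above leave different traces in a service's failed-login records: a dictionary attack hammers one account, while credential stuffing, reverse brute force and password spraying spread a few attempts over many accounts. The following is an added example, not code from the original article, showing how a defender could tell the two patterns apart; the sample events, thresholds and function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of failed-login events: (source_ip, username).
# Addresses come from documentation ranges; usernames are made up.
SAMPLE_FAILURES = (
    [("198.51.100.7", "alice")] * 12                        # one account, many guesses
    + [("203.0.113.9", f"user{i:02d}") for i in range(15)]  # many accounts, one try each
    + [("192.0.2.44", "bob"), ("192.0.2.44", "bob"), ("192.0.2.44", "carol")]  # typos
)

# Assumed thresholds for this example; tune them against real traffic.
PER_ACCOUNT_LIMIT = 10    # failures against one username from one source
DISTINCT_USER_LIMIT = 10  # different usernames failed from one source


def classify_sources(failures, per_account=PER_ACCOUNT_LIMIT, distinct=DISTINCT_USER_LIMIT):
    """Return {source_ip: label} for sources whose failures look automated."""
    per_source = defaultdict(lambda: defaultdict(int))
    for source, username in failures:
        per_source[source][username] += 1

    findings = {}
    for source, users in per_source.items():
        if len(users) >= distinct:
            # Few tries spread over many accounts: credential stuffing,
            # reverse brute force or password spraying.
            findings[source] = "many-accounts"
        elif max(users.values()) >= per_account:
            # Many guesses at a single account: dictionary-style attack.
            findings[source] = "single-account"
    return findings


def accounts_hitting_lockout(failures, lockout_after=5):
    """Usernames that a simple per-account lockout would lock."""
    counts = defaultdict(int)
    for _source, username in failures:
        counts[username] += 1
    return {user for user, n in counts.items() if n >= lockout_after}


if __name__ == "__main__":
    for source, label in sorted(classify_sources(SAMPLE_FAILURES).items()):
        print(source, label)
    print("locked accounts:", sorted(accounts_hitting_lockout(SAMPLE_FAILURES)))
```

On the sample data, the per-account lockout only reacts to the dictionary-style source; the source that tries each account once is caught only by counting distinct usernames per source.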

How to protect ourselves from this security threat

We have seen that there are different types of brute force attacks that can put our passwords at risk. Now we are going to explain what we can do to be fully protected and not have any security problems of this type.

Use strong passwords

The first and most important thing is to use passwords that are strong and complex. This is the first security barrier against intruders, so we must take care of every detail and generate passwords that really protect us and are difficult to find out.

So what is a strong password? It has to be totally random and unique. We should never use words or data that relate to us, nor use the same password in several places at the same time. Also, the password must contain letters (both uppercase and lowercase), numbers, and other special symbols.

Enable two-step authentication

A very useful complement is two-step authentication. More and more Internet services have this feature. Basically, it adds an extra layer of security: a second step that we must complete to log in.

If an intruder managed to figure out the password to log in, they would still have to complete a second step. For example, this could be entering a code that we receive by SMS or by email. This allows us to authenticate on the network.


Avoid exposing personal information

This advice is mostly common sense. We have seen that brute force sometimes uses data that we leave exposed on the network to find out passwords. Although a password that meets the requirements we have indicated gives us a great deal of protection, we must also avoid exposing personal information.

This means, for example, not posting data on the Internet where it may be available to anyone: personal data that we share on social networks, when writing in a forum, when commenting on a web page, etc.

Ultimately, brute force attacks are one of the methods hackers use to steal passwords. We have explained what they consist of and what types there may be. We have also given some useful tips to create good passwords and avoid these types of threats.
