Brute Force Attacks: How to Protect Your Business
You’re likely aware that strong passwords are extremely important in protecting your accounts and your organization. Password controls such as length, complexity, and two-factor authentication are critical for many reasons, one of them being to help defend against brute force attacks.
What is a Brute Force Attack?
A “brute force” attack is a cybercriminal’s attempt to break into an account by methodically guessing different password combinations using specific tools. It’s hard to picture how an attack like this would work, but these tools are designed to test thousands of combinations per second, meaning even a strong password could be compromised in minutes.
How Brute Force Attacks Work
The most common form of brute force attack is the “dictionary attack”. As the name suggests, the cybercriminal uses words commonly found in the dictionary and tries various combinations of these words. To help them further, they can narrow their list by knowing certain words that may mean something to you, like your pet’s name, favorite food, or date of birth.
Credential Stuffing: The Most Dangerous Form of Brute Force Attacks
The most dangerous form of a brute force attack is credential stuffing. Credential stuffing is the cybercriminal’s attempt to use previously known usernames and passwords on various login pages. This is predicated on the assumption that many of us reuse the same password, or a slight variation of it, across many accounts. The credentials that the cybercriminal uses to start their attack are found on the Dark Web from previous data breaches. For more on the Dark Web and what it is, check out our post "Exposing the Dark Web & Keeping Your Business Protected".
There are many other tools and forms of brute force attacks that cybercriminals could initiate that can put our accounts at risk, but there are steps that we can take to protect ourselves.
How to Protect Against Brute Force Attacks:
1) Ensure that you have strong passwords.
Even one extra character adds valuable time to how long a password takes to crack, so the longer your password is, the better.
2) Do not reuse the same password across multiple accounts.
3) Enable “account lockout” wherever possible.
Account lockout will lock an account if there have been too many failed password attempts, which will help against these brute force attacks. Many sites have this already, but it may be a feature you need to enable.
4) Lastly, enable two-factor authentication (also known as “2FA”).
Multi-factor authentication (MFA) is also a great option, if not better. 2FA will require an additional authentication piece in order to access an account, so if a cybercriminal is able to get your password, they would need to access the other authentication layer to get in. Multi-factor authentication will require a code sent to your smartphone or an answer to a security question.
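The account lockout from step 3 and the credential stuffing pattern described earlier, as an added example (not from the original article): a sliding-window check over login events that locks an account after repeated failures and separately flags a source that fails against many different usernames. The thresholds, event format, and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them to your own environment.
WINDOW = timedelta(minutes=5)
MAX_FAILS_PER_ACCOUNT = 5     # lockout trigger: repeated guesses at one account
MAX_ACCOUNTS_PER_SOURCE = 4   # one source failing against many usernames

T0 = datetime(2024, 1, 1, 9, 0, 0)

def ev(sec, src, user, ok=False):
    """Build one constructed login event: (timestamp, source IP, username, success)."""
    return (T0 + timedelta(seconds=sec), src, user, ok)

# Constructed sample data (documentation IP ranges, made-up usernames).
SAMPLE_EVENTS = sorted(
    [ev(10 * i, "203.0.113.10", "alice") for i in range(6)]  # guessing at one account
    + [ev(5 + 10 * i, "198.51.100.7", u)                     # one try per account
       for i, u in enumerate(["bob", "carol", "dave", "erin"])]
    + [ev(70, "192.0.2.5", "frank"), ev(80, "192.0.2.5", "frank", True)]  # typo, then success
)

def analyze(events):
    """Return (locked_accounts, flagged_sources) for time-ordered events."""
    fails_by_user = defaultdict(deque)  # username -> recent failure timestamps
    fails_by_src = defaultdict(deque)   # source -> recent (timestamp, username) failures
    locked, flagged = set(), set()
    for ts, src, user, ok in events:
        if user in locked:
            continue                     # locked: rejected even if the password is right
        if ok:
            fails_by_user[user].clear()  # a successful login resets the counter
            continue
        uq, sq = fails_by_user[user], fails_by_src[src]
        uq.append(ts)
        sq.append((ts, user))
        while ts - uq[0] > WINDOW:       # drop failures older than the window
            uq.popleft()
        while ts - sq[0][0] > WINDOW:
            sq.popleft()
        if len(uq) >= MAX_FAILS_PER_ACCOUNT:
            locked.add(user)
        if len({u for _, u in sq}) >= MAX_ACCOUNTS_PER_SOURCE:
            flagged.add(src)
    return locked, flagged

if __name__ == "__main__":
    print(analyze(SAMPLE_EVENTS))
```

In the sample run, alice is locked after the fifth failure, while none of the four accounts tried from 198.51.100.7 comes close to the lockout threshold, which is why the per-source check is kept separate from lockout.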
If you’re concerned about your business IT security or how to set up cybersecurity checkpoints to keep your business protected, call Encompass IT Solutions at (860) 785-6233 to set up a FREE IT consultation with some of our top cybersecurity specialists.