In cryptography, a brute-force attack is a method of discovering an unknown password. The attacker systematically tries every possible password until the correct one is found. Although it is extremely time-consuming, these attacks happen frequently and are generally infallible, since they attempt literally every possible character, at any length and in any combination. With the right program and a strong computer, many passwords are quite simple to unlock.
It’s important to note that brute-force attacks are incredibly fast when the password is uncomplicated or contains only a few characters. Generally, passwords that are only alphabetical and without numbers or special characters can be cracked almost instantly with the correct program. However, the more characters you have, the more difficult it is to crack.
Follow these critical rules when creating your passwords:
1. The characters used should ALWAYS include letters, numbers, AND symbols.
2. You can create a strong password that is memorable, but still complicated.
3. Have 2 or 3 completely different passwords that you have memorized and use 2 or 3 variants of each password. This will be especially helpful when you need to change a password or when you need to periodically rotate passwords for security purposes.
4. Get creative. Don’t just use a single, commonly used symbol at the end. Try using two different words that you like or even use a phrase or a few words together along with numbers and symbols that you’ll remember easily.
5. The more characters you have, the better. Don’t use a password shorter than 10 characters. Because a brute-force attack is a search that enumerates all candidates and checks each one, the time it takes grows exponentially with the password’s length.
6. Though they are typically a simple guide to password creation, password-checkers can sometimes be helpful. Try this one or this one.
These attacks aren’t only performed on regular endpoints; in fact, much of the time they are used to compromise servers. At Cloud 9 Computing Group, we use a service called “RDP Guard” to protect against any brute-force attack. It prevents many varying types of cracks, even more sophisticated programs, by blocking IP addresses that fail to correctly enter the password after a certain number of attempts. This truly prevents the entrance of an unwanted intruder at the source.
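The lockout rule described above (block a source IP after a certain number of failed logins), sketched as an added example; it is not RDP Guard's code and not from the original page. The threshold of 5, the 10-minute window, the reset on a successful login and the log format are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                # assumed threshold, not RDP Guard's default
WINDOW = timedelta(minutes=10)  # assumed sliding window

# Constructed sample log, one event per line: "timestamp result source_ip"
SAMPLE_LOG = """\
2024-01-01T09:00:00 FAIL 198.51.100.20
2024-01-01T09:00:05 FAIL 203.0.113.7
2024-01-01T09:00:06 FAIL 203.0.113.7
2024-01-01T09:00:07 FAIL 203.0.113.7
2024-01-01T09:00:08 FAIL 203.0.113.7
2024-01-01T09:00:09 FAIL 203.0.113.7
2024-01-01T09:00:10 FAIL 203.0.113.7
2024-01-01T09:00:30 FAIL 192.0.2.15
2024-01-01T09:00:40 FAIL 192.0.2.15
2024-01-01T09:00:55 OK 192.0.2.15
2024-01-01T09:15:00 FAIL 198.51.100.20
2024-01-01T09:30:00 FAIL 198.51.100.20
2024-01-01T09:45:00 FAIL 198.51.100.20
2024-01-01T10:00:00 FAIL 198.51.100.20
"""

def find_blocked_ips(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {ip: time_of_block} for sources that reach max_failures
    failed logins inside one sliding window."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    blocked = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue             # skip malformed lines
        stamp, result, ip = parts
        if ip in blocked:
            continue             # already blocked, later attempts are dropped
        when = datetime.fromisoformat(stamp)
        if result == "OK":
            recent.pop(ip, None) # a successful login clears the counter
        elif result == "FAIL":
            fails = recent[ip]
            fails.append(when)
            while when - fails[0] > window:
                fails.popleft()  # forget failures older than the window
            if len(fails) >= max_failures:
                blocked[ip] = when
    return blocked

if __name__ == "__main__":
    print(find_blocked_ips(SAMPLE_LOG))
```

Only the source that fails five times within seconds is blocked; the user who mistypes twice and then logs in, and the source whose failures are spread across an hour, stay under the threshold.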