What types of brute force attacks are there
What is a brute force attack?
A brute force attack is a strategy that a hacker can use to steal passwords. It is in fact one of the most common methods for this, so we are facing an important problem that we must avoid.
It basically consists of trying multiple combinations over and over again until you find the right one. The objective is to find out what the username and/or password is to access a social media account, email, log in to a device, or any service that is protected by a password.
There are different tools that cybercriminals use to steal passwords. This allows them to carry out those brute force attacks that, as we will see, can be different.
Types of brute force attacks
Although the goal is the same, the strategy can change. There are different types of brute force attacks and, depending on the circumstance, the attacker can use one variety or another. However, for all of them, we can take into account protection measures.
Dictionary attack
This is one of the most widely used varieties of brute force attacks. As the name suggests, it relies on a dictionary of real words. The password-guessing application tries all possible combinations of those words.
Many users, in order to make logging into their accounts easier, use words that they can easily remember. This also includes first and last names. In this way, with a dictionary attack and as long as the conditions are met, the time needed to crack a password decreases considerably.
Credential Stuffing
In this case, the attackers are not trying to find out a password or a username; what they are looking for is to know where they can use it, if at all possible. They rely on data leaks that occur on the Internet: for example, when we are registered in a forum with a username and password and that data is leaked and exposed.
What they do is automate hundreds or thousands of logins to certain sites with those pairs of credentials. Many users use the same username and even password in more than one place: for example, on a social network and also for email, on a video streaming platform, or anywhere else.
Reverse brute force
In this variety of brute force attack, the attacker knows in advance what the password is. This generally occurs through leaks on the Internet. For example, if a service such as a social network or forum has had a problem, user passwords are exposed, but the complete credentials are not.
What the attacker does is try thousands and thousands of possible usernames that could be linked to a certain password that they have found. This is known as reverse brute force. The goal remains the same: to be able to access a user account.
Password spray
This is also known as password spraying. It is similar to reverse brute force. In this case, the attacker will have a series of usernames and passwords that have been leaked. They simply have to try the different combinations one by one until they find the correct one.
Therefore, the brute force consists of combining the thousands of user names with the thousands of passwords available. This will allow them, once they find the correct pair, to enter the victim's user account and have full access.
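From the defender's side, these varieties leave different shapes in login records. The following Python code is an added example, not part of the original article: it labels each source address by how its failed logins are spread across accounts. The event format, the threshold of 5, the 0.8 ratio and the label names are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample events: (source_ip, username, login_succeeded)
EVENTS = (
    [("203.0.113.7", "alice", False)] * 8                         # one account, many guesses
    + [("198.51.100.9", f"user{i}", False) for i in range(12)]    # many accounts, one try each
    + [("192.0.2.4", "bob", False), ("192.0.2.4", "bob", True)]   # a typo, then success
)

def classify_sources(events, threshold=5):
    """Label each source IP by the shape of its failed logins."""
    failures = defaultdict(lambda: defaultdict(int))  # ip -> username -> failures
    for ip, user, succeeded in events:
        if not succeeded:
            failures[ip][user] += 1

    verdicts = {}
    for ip, per_user in failures.items():
        total = sum(per_user.values())
        if total < threshold:
            verdicts[ip] = "normal"
        elif max(per_user.values()) / total >= 0.8:
            # Dictionary-style guessing: many passwords against one account.
            verdicts[ip] = "single-account guessing"
        elif len(per_user) >= threshold:
            # Credential stuffing, reverse brute force or password spraying:
            # login records hold no passwords, so these look alike here.
            verdicts[ip] = "many-account guessing"
        else:
            verdicts[ip] = "mixed"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify_sources(EVENTS).items():
        print(ip, verdict)
```

A per-account lockout only catches the first pattern; the second one stays under a per-account limit and has to be counted per source, as done here.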
How to protect yourself from this security threat
We have seen that there are different types of brute force attacks that can put our passwords at risk. Now we are going to explain what we can do to be fully protected and not have any security problems of this type.
Use strong passwords
The first and foremost thing is to use passwords that are strong and complex. This is the first security barrier against intruders, and therefore we must take care of every detail and generate passwords that really protect us and are difficult to find out.
So what is a strong password? It has to be totally random and unique. We must never use words or data that relate to us, nor use it in several places at the same time. Also, the password must contain letters (both uppercase and lowercase), numbers, and other special symbols.
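The criteria above can be checked mechanically. The following Python code is an added example, not part of the original article: it lists the reasons a password fails those criteria and generates a random one with the standard `secrets` module. The minimum length of 12, the function names and the sample inputs are assumptions; the article gives no length.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}"
ALPHABET = string.ascii_letters + string.digits + SYMBOLS

def weaknesses(password, personal_terms=(), wordlist=(), min_length=12):
    """Return the reasons a password fails the criteria (empty list = passes)."""
    problems = []
    if len(password) < min_length:  # min_length is an assumed value
        problems.append("too short")
    classes = {
        "lowercase": str.islower,
        "uppercase": str.isupper,
        "digit": str.isdigit,
        "symbol": lambda c: not c.isalnum(),
    }
    for name, belongs in classes.items():
        if not any(belongs(c) for c in password):
            problems.append(f"no {name}")
    lowered = password.lower()
    # Names, dates and dictionary words are what a dictionary attack tries first.
    for term in list(personal_terms) + list(wordlist):
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains '{term}'")
    return problems

def generate(length=16):
    """Draw characters from the OS CSPRNG until every class is present."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(candidate, min_length=length):
            return candidate

if __name__ == "__main__":
    # Constructed inputs for illustration.
    print(weaknesses("Alice1987!", personal_terms=["alice", "1987"]))
    print(weaknesses(generate()))
```

Uniqueness across sites cannot be checked by code like this; generating a fresh password per account is what provides it.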
Enable two-step authentication
A very interesting add-on is two-step authentication. More and more Internet services have this feature. Basically, it adds an extra layer of security: a second step that we must take to log in.
If an intruder managed to figure out the password to log in, they would still have to complete a second step. For example, this could be entering a code that we receive by SMS or by email. This allows us to authenticate on the network.
Avoid exposing personal information
This advice is rather common sense. We have seen that brute force sometimes uses data that we leave exposed on the network to be able to find out passwords. Therefore, we must also avoid exposing personal information.
This means, for example, not giving out data on the Internet that may be available to anyone: personal data that we post on social networks, when writing in a forum, when leaving a comment on a web page, etc.
Ultimately, brute force attacks are one of the methods hackers use to steal passwords. We have explained what they consist of and what types there may be. We have also given some interesting tips to create good passwords and avoid these types of threats.