What Is a Brute-Force Attack?
A brute-force attack is an attack that systematically tries many passwords or keys until one works, relying on computing power and weak or reused credentials rather than any clever trick.
How it works
A brute-force attack simply guesses, at speed — trying every combination, a dictionary of common passwords, or leaked credential lists (credential stuffing). Weak, short or reused passwords fall quickly. Defences include account lockouts, rate limiting, strong password policies, and especially MFA, which makes a guessed password insufficient on its own.
Why it matters
Brute-force and credential attacks are extremely common, and their signature (many failed logins, then maybe a success) is a key thing SOC analysts detect in logs. The defences — lockouts, rate limiting, MFA — are standard security controls. This site's own login uses lockout throttling for exactly this reason.
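The log signature described above (many failed logins, then maybe a success) can be checked with a sliding window per source address. This is an added example, not code from this site; the log format, the 5-minute window and the 5-failure threshold are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical "timestamp result user=... src=..." format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:02 FAIL user=alice src=203.0.113.7
2024-05-01T10:00:03 FAIL user=bob src=203.0.113.7
2024-05-01T10:00:04 FAIL user=dave src=198.51.100.20
2024-05-01T10:00:05 FAIL user=bob src=203.0.113.7
2024-05-01T10:00:06 FAIL user=carol src=203.0.113.7
2024-05-01T10:00:09 OK user=dave src=198.51.100.20
2024-05-01T10:00:10 OK user=carol src=203.0.113.7
"""

WINDOW = timedelta(minutes=5)  # assumed look-back window
THRESHOLD = 5                  # assumed failures per source that count as a burst

def parse(line):
    """Split one log line into (timestamp, result, user, source)."""
    ts, result, user, src = line.split()
    return datetime.fromisoformat(ts), result, user.partition("=")[2], src.partition("=")[2]

def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (kind, source, user, failures, distinct_users)."""
    recent = defaultdict(deque)  # source -> recent failures as (timestamp, user)
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, result, user, src = parse(line)
        fails = recent[src]
        while fails and ts - fails[0][0] > window:  # expire old failures
            fails.popleft()
        if result == "FAIL":
            fails.append((ts, user))
            if len(fails) == threshold:  # fire once when the threshold is crossed
                alerts.append(("burst", src, user, len(fails),
                               len({u for _, u in fails})))
        elif result == "OK" and len(fails) >= threshold:
            # A success right after a burst suggests a guessed or reused password.
            alerts.append(("success_after_burst", src, user, len(fails),
                           len({u for _, u in fails})))
            fails.clear()
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

A single mistyped password followed by a success (dave in the sample) raises nothing. Counting only per source address misses attempts spread across many addresses, so the same counter can also be kept per account.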
Frequently asked questions
What is a brute-force attack?
An attack that systematically tries many passwords or keys until one works, relying on speed and weak credentials rather than exploiting a specific flaw.
How do you defend against brute-force attacks?
Account lockouts after failed attempts, rate limiting, strong password policies, and multi-factor authentication so a guessed password alone isn't enough.
What is credential stuffing?
A brute-force variant that replays username/password pairs leaked from other breaches, exploiting password reuse across sites.