Brute Force Attack: What it is, signs to watch for, and how to stop it

What it is

A brute force attack is password guessing on turbo. An attacker tries lots of combinations - sometimes millions - until one works. It’s not clever, just relentless, and it targets anything with a login or key: email, Wi-Fi, cloud apps, even encrypted files.

How it works (quick tour)

  • Online guessing: rapid login attempts against your account, or slower ones paced to dodge lockouts.

  • Password spray: the same common password tried across many users.

  • Offline cracking: stolen password hashes or encrypted files are attacked with powerful hardware and wordlists.

What you might notice

  • Repeated login alerts or MFA prompts you didn’t start

  • Account lockouts at odd hours

  • Security emails about new sign-in attempts or locations

Quick defenses

  • MFA everywhere: app codes or security keys beat guesses.

  • Strong, unique passwords: use a manager; avoid repeats.

  • Lockouts & rate limits: after a few bad tries, pause or block.

  • Blocklists & allowlists: deny risky countries/IPs; require VPN for admins.
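
Added example (not part of the original article): a per-account failure counter catches fast online guessing, but a password spray leaves only one failure per account, so it has to be counted per source instead. The event layout, thresholds, and sample events below are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events: (minute, source_ip, username, login_succeeded)
SAMPLE = (
    [(m, "198.51.100.7", "alice", False) for m in range(6)]           # fast guessing
    + [(m + 1, "203.0.113.9", user, False)
       for m, user in enumerate(["bob", "carol", "dave", "erin"])]   # password spray
    + [(m * 15, "198.51.100.8", "heidi", False) for m in range(6)]   # slow guessing
    + [(2, "192.0.2.10", "grace", False),
       (3, "192.0.2.10", "grace", True)]                             # ordinary typo
)


def detect(events, window=10, account_limit=5, spray_users=4):
    """Return (accounts being guessed, sources spraying) from failed logins.

    window        -- sliding window in minutes (assumed threshold)
    account_limit -- failures on one account inside the window
    spray_users   -- distinct accounts failed by one source inside the window
    """
    by_account = defaultdict(deque)  # username -> times of recent failures
    by_source = defaultdict(deque)   # ip -> (time, username) of recent failures
    guessed, spraying = set(), set()
    for t, ip, user, ok in sorted(events):
        if ok:
            continue
        acct = by_account[user]
        acct.append(t)
        while t - acct[0] >= window:      # drop failures outside the window
            acct.popleft()
        if len(acct) >= account_limit:
            guessed.add(user)
        src = by_source[ip]
        src.append((t, user))
        while t - src[0][0] >= window:
            src.popleft()
        if len({u for _, u in src}) >= spray_users:
            spraying.add(ip)
    return guessed, spraying


if __name__ == "__main__":
    print(detect(SAMPLE))              # short window: slow guessing slips through
    print(detect(SAMPLE, window=120))  # longer window also flags the slow attempts
```

With the 10-minute window the slowly paced attempts on "heidi" go unflagged, which is why a short lockout window alone does not cover attackers who slow down to dodge it.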

If you’re being targeted

  1. Change the password to a unique, long one (from a clean device).

  2. Turn on MFA and remove weak fallback methods (SMS only, security questions).

  3. Review sessions/devices; sign out everywhere and revoke unknown tokens.

  4. Check recovery options (email/phone) and reset them if needed.

  5. Notify your provider/admin to enable extra throttling or IP blocks.
