Brute Force Attack

“Brute force” translates as “brute force”. In IT, this brute force corresponds to a less sophisticated approach: indiscriminate trial and error. In a “brute force” attack, an attempt is made to guess passwords or keys by calculating and trying out as many character combinations as possible in the shortest possible time.

What does “brute force” attack mean in detail?

“Brute force” attacks are carried out automatically. This allows you to calculate and try out a large number of character combinations in a very short time: Due to high computing power, up to 2 billion possible passwords can be calculated per second. A standard computer can calculate about 1 billion possible combinations per second. The more complex a password is, the more time it takes to calculate a brute force attack and the greater the chance that this attack will fail. The more different types of characters are used and the longer the password, the more complex it is.

Starting from a calculator that calculates 1 billion possible combinations per second:

• An 8-character password consisting only of numbers (e.g. a date of birth) can be calculated in 0.1 seconds at the latest. With 9 characters: 1 second.
• An 8-character password consisting of uppercase and lowercase letters can be guessed in 15 hours at the latest. With 9 characters: 33 days.
• An 8-character password made up of numbers, uppercase and lowercase letters, and special characters takes up to 84 days of computing time. With 9 characters: 22 years.
• Many brute force attacks also use lists of common passwords (e.g., 123456, admin)

Please keep in mind: It is unlikely, but possible, that your password happens to be one of the first calculated possibilities in a brute force attack. The more complex your password is, the less likely it is.

Where do I encounter the topic of “brute force” in my everyday work?

In principle, you will encounter it with every password you use. Pay attention to how they are put together. The more complex they are, the better protected you and your company are from a brute force attack.

What can I do to improve my security?

• Use strong passwords. The longer and the more different types of characters (numbers, uppercase letters, lowercase letters, special characters), the better.
• Replace easy-to-guess passwords (123456, admin, ilovexxx, etc.) with complex passwords
• Mix multiple types of characters wherever you can (numbers, uppercase letters, lowercase letters, special characters).
• Don’t be brief. The longer your password, the better.
• If necessary, use a password manager to manage these complex passwords
• Wherever possible, use two-factor authentication offered. As a result, cybercriminals encounter another hurdle even after calculating your password.