Skip to content



With a brute force attack, the attacker attempts to crack a password or username using an “exhaustive search” or trial and error approach. In cryptography, a brute force attack consists of the attacker submitting many passwords or passphrases, systematically checking all possibilities until the correct one is found. Brute force attacks are usually aimed at obtaining personal information such as passwords, passphrases, usernames and Personal Identification Numbers (PINS).

The longer the password, the more combinations will need to be tested. If methods such as data obfuscation are used, the brute force attack can be difficult to perform and even impossible. However, if the password is weak, finding it could take seconds with hardly any effort on the attacker’s part. This is why all organizations and users should adopt a strong password policy across all applications and systems.

Brute Force Attacks include:

  • Simple Brute Force Attack
  • Dictionary Attack
  • Hybrid of Simple and Dictionary Brute Force Attacks
  • Reverse Brute Force Attack
  • Credential Stuffing

Learn More About Contrast Security

Back to Listing