We’ve previously discussed guess attacks and dictionary attacks on your passwords. And we’ve determined now that password security is of the utmost importance. Just today I repaired a machine for a customer and their Vista login password was an old phone number of theirs. Seven digits that could easily be found with an archived search of readily available online databases. As much as passwords are a pain, your security and identity is far more important. Rather deal with a slightly complex password and a little bit of extra thought, than deal with the pain of a stolen identity and lost funds! With what we’ve learned thus far, there is still yet another method attackers can utilize to gain your password.
What’s a brute force attack?
In a brute force attack a hacker would utilize software that would essentially try every possible password. In theory, if there is no limit to the number of attempts, a brute force attack will always be successful since the rules for acceptable passwords must be publicly known; but as the length of the password increases, so does the number of possible passwords. This method is unlikely to be practical unless the password is relatively short.
A common password length recommendation is eight or more randomly chosen characters combining letters, numbers, and special characters (punctuation, etc). This is the key, and a must follow rule of thumb when it comes to making passwords. In addition, don’t use the same password on every website, and especially don’t use same or similar passwords on social networking sites, as you do for banking and online shopping sites that may store your credit card information.
Brute Force attacks get a little more complicated of course, and there are variations, both generic and smart attacks. More can be read about this here.