It also works by calculating every possible combination that could make up a password and be testing it to see if it is the correct password. As the password’s length increases, the amount of time, on average, to find the correct password increases exponentially.
Types of brute force attacks
- Dictionary attacks
Automated tools that try to guess usernames and passwords from a dictionary file. A dictionary file might contain words gathered by the attacker to understand the user of the account about to be attacked, or to build a list of all the unique words available on the website.
- Search attacks
Covers all possible combinations of a character set and ranges of password length. This attack might take some time because of a lot of possible combinations.
- Rule-based search attacks
Uses rules to generate possible password variations from part of a username or from modifying pre-configured mask words in the input.