Brute Force Attacks

What Is A Brute Force Attack? How To Protect Yourself.

Introduction

I fix computers. We (Computroon) have a loyal customer base built up over many years that trust us with their data.

When fixing computers, we often require the sign-in password for the front end to get into Windows.

The reason for this introduction is this:

“I get to see the level of passwords that are commonly used as logins. And far, far too often, they simply aren’t secure enough”.

They are wide open to “brute force attack”.

What Is Brute Force Attack?

A brute force attack is when, instead of an actual human hacker sitting in a dimly lit room trying to access your accounts, a bot gets to work on hacking your account. A brute force attack uses trial and error until it eventually cracks the code.

What Is A Bot In Hacking Terms?

A bot is a computer. Bot is short for robot. Instead of a human hacker sitting there trying to guess your password, it is a command that is programmed to keep trying over and over again over a period of time.

A Bot Attack:

  • Will use leaked information to hack your account.
  • Will attempt to use common combinations.
  • Will try commonly used passwords.
  • Will use words from your current or past address: house number, street, town, county.
  • Will even try the name of your pet!

How Does It Know This Information?

These are computers. Not humans. These are bots. They have a data sheet with information about you.

Have you ever mentioned the name of your cat or dog in a social media post in the last 10 years? That’s how they know the name of your dog. They know the names of your children or grandchildren.

Bots will continuously and repeatedly try that information against a server, slowly, until they gain access.

Basic Example Of A Bot At Work

Many years ago, in the early days of WiFi, our routers were password protected with WEP keys. Early WEP keys were numerical: nine-digit codes using the digits 0-9, e.g. 102993826.

Hackers could assign a piece of bot software to continuously attempt to gain access by running through every combination.

This is known as a brute-force attack.

This would lead to neighbours being able to access the internet for free via your router. Or even worse, a hacker sitting outside your house in a van watching everything that you do on the internet.

Thankfully technology has moved on. Encryption standards are much better these days.

The Problem Is… Human Complacency.

All these new industry standards are in place, with high-level encryption protocols as standard, but too many people think that an acceptable password is the name of their dog with their house number at the end.

How To Protect Against Brute Force Attack

  1. Make a better password.
  2. Never use your email password for anything else.
  3. Never use any personal information within a password.
  4. Never use generic password words.

Let’s Explain Each Of These 4 Key Points

Make A Better Password

Mix things up a bit. Make the 3rd letter a capital instead of the first. Don’t go with the obvious substitutions, such as swapping the letter l and the number 1, or the letter a and the @ symbol.

Never use your email password for anything else.

Your email password should be unique to your email account. Never use that password for anything else. Every other account that you have has a “Forgot Password” feature. Your email password is paramount in keeping every other account secure.

Never use any personal information within a password.

Ask yourself this: “Does your password include any information that might appear on a data sheet about you?” This is important to prevent brute force attacks. If you have any personal information within your password, change it. This includes name or address info, family members’ names, car details, etc. The list goes on. DO NOT include anything in your password that relates or connects to you.

Never use generic password words.

Letmein, qwerty, password, 246810. Here is a link to a Wikipedia article about the most commonly used passwords. If yours even includes anything similar to these… change it today.
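The checks described in the points above can be automated before you settle on a password. The following is an added example, not part of the original article: the function names, the substitution table and the sample data sheet are all constructed for illustration, and the generic word list is seeded with the four words named above.

```python
import re

# Generic words named in the article, plus two constructed additions.
COMMON_WORDS = {"letmein", "qwerty", "password", "246810", "123456", "welcome"}

# The "obvious" character swaps. They are undone before comparing, so that
# P@ssw0rd1 is judged exactly like password.
SUBSTITUTIONS = str.maketrans(
    {"@": "a", "4": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"}
)

# Constructed data sheet: the kind of details a bot may already hold.
SAMPLE_PROFILE = {
    "pet": "Rex",
    "house_number": "42",
    "street": "Acacia Avenue",
    "town": "Leeds",
    "grandchild": "Olivia",
}


def personal_tokens(profile):
    """Split every profile value into lowercase words and numbers."""
    tokens = set()
    for value in profile.values():
        for tok in re.findall(r"[a-z]+|\d+", str(value).lower()):
            # Skip very short fragments that would match almost anything.
            if len(tok) >= 3 or (tok.isdigit() and len(tok) >= 2):
                tokens.add(tok)
    return tokens


def audit_password(password, profile):
    """Return a list of problems; an empty list means no check failed."""
    lowered = password.lower()
    # Compare both the password as typed and with the obvious swaps undone.
    forms = {lowered, lowered.translate(SUBSTITUTIONS)}
    problems = []
    for word in sorted(COMMON_WORDS):
        if any(word in form for form in forms):
            problems.append(f"contains generic password word '{word}'")
    for tok in sorted(personal_tokens(profile)):
        if any(tok in form for form in forms):
            problems.append(f"contains personal detail '{tok}'")
    return problems


if __name__ == "__main__":
    for candidate in ("Rex42", "P@ssw0rd1", "spockbuncLub£6"):
        print(candidate, "->", audit_password(candidate, SAMPLE_PROFILE) or "ok")
```

An empty result only means these two checks passed; it does not show that the password is unique to one account.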

What Makes A Good Password?

Random nonsense that is not relevant to you. Something that you can remember (blocks of 3) but makes no sense whatsoever and is not relevant to you.

“x8Pdy$cu7qK” is a good password but you’ll never remember it.

Think of 3 different subjects that you aren’t really interested in, e.g. Star Trek, baking and golf.

Spockbunclub would be a good password.

spockbuncLub£6 would be even better.

You get the idea.

A brute force attack on your account would be ruled out. It would take a computer years to get to that combination.

Old Methods

Brute force attacks have been around for years. They are less effective now, as most modern-day servers will lock down after a few incorrect attempts.

However, if you have used the same old password for everything for years, your accounts become “sitting ducks” for these bots.

If a website gets hacked or compromised, your data is at high risk. This might be some old forum that you used to be a member of. Or some website that you made an account for years ago.

When fixing computers, too often customers will say to me, “try this password because it’s the same one that I’ve always used for everything”!

Changing your password to something more secure will make it much more difficult for brute force attack bots to succeed in breaking into your accounts.