Brute Force Attack

December 2022

Love Triangle You, Good Helper & 702it

Hey this is Tom, owner of 702it. Thanks for stopping by.

Cybersecurity is not new in practice. Not so long ago we just called is security. Do you know what we called passwords back in the day? Passwords! The media can get more clicks and scare more people assigning new names to old problems. The bottom line is we need to protect ourselves especially when creating and using passwords.

One of the ways the bad guys attack is by brute force. A brute force attack is trying to login to an account by guessing the password by using automation. There are many ways and methods the bad guys use brute force attacks, but we have the ability to stop them or at least slow them down. 

The first line of defense is good password structure. We all know the length and complexity of our passwords are in direct relation to how easy or hard it is to guess the password. Does your password have a dictionary word within? Do you use a different password for each login? A great way to way to come up with passwords is by joining two or three incongruent words, add a couple numbers and a special character and you have done your best. A couple examples would be a password like chocolatemouthwash!92 or televisionlake7#. These passwords would never be included in a dictionary brute force attack.

To be honest with you, complex passwords help but not fool proof. The next thing and please do this when and wherever possible is to turn on MFA (multifactor authentication) or 2FA (two factor authentication). You know when you receive a text with a code you to enter after your password. That’s MFA. Even if the bad guys know your password they will be stopped in their tracks once you turn on MFA.

The last thing I wanted to mention is restricting login attempts. Many devices and types of logins can be set to lock up after too many failed attempts. If the bad guys attack with a million passwords it will be slow going if we lock up the account they are attacking every 3 or 4 failed attempts. This happens to our phone servers all the time. The bad guys give up because we would stop them every third failed attempt. They attack from various networks across the global so when we block one address they try with another. Complete waste of their time since each address they attack from would be quickly blocked making their one million password attack useless. 

There are things you can do to protect yourself and your IT staff can also take steps to stop attacks before they happen. I can guarantee if you call me right now 702-357-4333 we will help make your company safer by doing all we can to prevent attacks. Thanks for watching and Make IT a Great day.

How about a coffee?

Coffee, tea, water, soda, pop we would love to hear about your business.