dark mode light mode Search Menu

Who’s Muscling in on Your Data?

US Department of Education on Flickr

If you imagine how a hacker manages to break a password, you may imagine them trying all sorts of special algorithms and secret techniques to crack the code. In truth, sometimes a hacker doesn’t have to work so hard. Sometimes, people’s passwords are so weak that hackers can use really simple techniques to crack them.

One example of this is the rightly-named “brute force attack.” This is when a hacker doesn’t use any fancy tools or espionage to break a password. Instead, they continuously enter passwords until they get the correct one.

Do you know those combination locks that go from 0000 to 9999? Have you ever been tempted to enter in 0001, then 0002, and so on until you got the right number? That’s a good example of a brute force attack; you have no idea where to start or what to guess, so you just start from the start and keep going until you hit the right code.

At its basic level, brute-forcing a password involves beginning from the very start and working upward. If a password can be one character long, this involves trying “a,” then “b,” all the way to Z. Then the hacker needs to try the capital variants of each letter because passwords care about whether a letter is a capital or not (also known as ‘case-sensitive’).

Once the letters are all done, the hacker tries the numbers 0-9, then all the symbols on the keyboard. If none of those work, they then go the next step up and enter “aa,” “ab,” etc until they do all possible combinations and crack the password.

A hacker doesn’t actually sit down and type all these out; that would be way too much work! Instead, they get a powerful computer to do it for them. These computers can rattle off passwords really quickly, so weak passwords stand no chance.

There are other ways hackers brute-force a password. Dictionary attacks, for instance, use words found in the dictionary in hopes someone set their password to something like “hummingbird” or “zebra.”

Hackers may also try the most-used passwords on the internet in hopes that their target used them. Examples include “qwerty,” “password,” and “opensesame”: all very popular passwords.

So, how do you stay safe from these attacks? To defeat regular brute-force attacks, try to make your passwords long. If you think about it, the more letters, numbers, and symbols you add to a password, the longer it takes to guess.

For instance, “cat” will be cracked pretty quickly because it’s only three letters long; however, “thecatonthemat22” has 16 characters to it. The cracker will have to check every single potential 1-character password, every 2-character, 3-character, and so forth before it reaches 16-character passwords.

If you use My1Login’s password strength meter, you can see how long it takes for a password to be brute-forced open. “Cat” will only last 0.05 seconds according to the website; “thecatonthemat22” would last a month!

For dictionary attacks, try not to use only words you could find in the dictionary. Try to mix things up by replacing letters with numbers and symbols, or add them at the end if you want. Also, be sure not to use a popular password that loads of other people use.

Websites also do their part to make it hard for hackers to brute-force passwords. Before reading on, try to think of some ways you could stop brute-force attacks from cracking a password, and how websites protect you.

First, websites often ask for at least a set amount of characters, such as six characters. This stops really short passwords like “cat” from being broken open quickly. Websites also often ask for numbers and symbols to appear somewhere, to stop dictionary attacks. Finally, websites typically lock down an account if too many incorrect entries are made, which means a hacker has a very small window to brute-force a password before they’re kicked out.

The next time you’re making a password, try to think of ways to make it really secure without making it too hard to remember. Remember; just a handful of numbers and symbols go a long way!

Learn More

What Is a Brute Force Attack?


List of the most common passwords


My1Login password strength checker


Brute Force Attack


Types of brute force attacks


How to choose a strong password


Tips for strong passwords


Creating and remembering strong passwords


Dictionary attacks


What is a dictionary attack?


Brute force attack facts


Teaching kids to create secure passwords


Phishing and password attacks


Safe password tips for children