
Brute Force

Easy — everyone uses this | Security

ELI5 — The Vibe Check

Brute force is the dumbest but sometimes effective hacking technique — just try every possible password until one works. No creativity needed. Hackers use bots that can try millions of combinations per second. Rate limiting, account lockouts, and long passwords are the defense.

Real Talk

A brute force attack systematically tries all possible input combinations to find a valid credential or key. Online brute force targets login forms; offline brute force cracks stolen password hashes. Defenses include rate limiting, account lockout, CAPTCHA, MFA, and strong password policies.

Show Me The Code

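// Rate limit login attempts with express-rate-limit
import express from 'express';
import rateLimit from 'express-rate-limit';

const app = express();

// Attempts are counted per client IP, the library's default key
const loginLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 5, // 5 attempts per window
  message: 'Too many login attempts, try again in 15 minutes',
});
// loginHandler is the application's own credential-checking route handler
app.post('/login', loginLimiter, loginHandler);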
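
The snippet above throttles by client IP, so it does not bound the number of guesses made against a single account from many addresses. As an added example (not code from the original page), here is the account lockout defense named under Real Talk, keyed on the username with exponential backoff; LoginThrottle, guardedLogin and all option names are hypothetical.

```javascript
// Added example: per-account lockout with exponential backoff, kept in memory.
// LoginThrottle, guardedLogin and every option name are hypothetical.
class LoginThrottle {
  constructor({ maxFailures = 5, windowMs = 15 * 60 * 1000,
    baseLockMs = 60 * 1000, maxLockMs = 60 * 60 * 1000, now = Date.now } = {}) {
    Object.assign(this, { maxFailures, windowMs, baseLockMs, maxLockMs, now });
    this.accounts = new Map(); // normalized username -> { failures, lockouts, lockedUntil }
  }
  key(username) {
    // Normalize so "Alice" and " alice " share one counter.
    return String(username).trim().toLowerCase();
  }
  // Milliseconds until the next attempt is accepted (0 means not locked).
  retryAfterMs(username) {
    const s = this.accounts.get(this.key(username));
    return s ? Math.max(0, s.lockedUntil - this.now()) : 0;
  }
  recordFailure(username) {
    const t = this.now();
    const k = this.key(username);
    const s = this.accounts.get(k) || { failures: [], lockouts: 0, lockedUntil: 0 };
    // Sliding window: forget failures older than windowMs.
    s.failures = s.failures.filter((ts) => t - ts < this.windowMs);
    s.failures.push(t);
    if (s.failures.length >= this.maxFailures) {
      // Each successive lockout doubles, capped at maxLockMs.
      s.lockedUntil = t + Math.min(this.baseLockMs * 2 ** s.lockouts, this.maxLockMs);
      s.lockouts += 1;
      s.failures = [];
    }
    this.accounts.set(k, s);
    return this.retryAfterMs(username);
  }
  recordSuccess(username) {
    this.accounts.delete(this.key(username));
  }
}

// Check the lock BEFORE running verify(), so a locked account gives
// the caller no signal about whether the submitted password was right.
function guardedLogin(throttle, username, verify) {
  const wait = throttle.retryAfterMs(username);
  if (wait > 0) return { status: 429, retryAfterMs: wait };
  if (verify()) {
    throttle.recordSuccess(username);
    return { status: 200, retryAfterMs: 0 };
  }
  return { status: 401, retryAfterMs: throttle.recordFailure(username) };
}
```

In production the counters belong in a shared store with expiry so they survive restarts and cover every app instance. Temporary, escalating locks rather than permanent ones keep the lockout itself from becoming a way to shut a real user out.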

When You'll Hear This

"The login endpoint was getting brute forced — add rate limiting." / "A 12-character random password takes centuries to brute force."

Made with passive-aggressive love by manoga.digital. Powered by Claude.