Brute Force and Dictionary Password Attacks – Why You Should Be Concerned about Them?

In the age of the IoT, the average netizen considers their password to be one of their most prized assets. You will find that a person’s password is their best-kept secret. Be that as it may, many shocking patterns have been observed in the way we create and use passwords as netizens.

While the average person knows not to hand over their password willingly, behaviors like reusing passwords or creating passwords with little thought for security have led to many people falling victim to password attacks.

Over 23 million people use “123456” as their password. Equally baffling is the fact that 90% of netizens are worried about their passwords being hacked, and 91% of people know that password reuse is wrong, and yet 75% of people still reuse passwords, with 83% of Americans found using weak passwords.

[Image: NordPass’s list of the top 11 most commonly used passwords in the world]


A lot of netizens aren’t aware of how easy it is to crack their passwords. They believe that their passwords aren’t of importance to hackers anyway. The result of these two factors is that 81% of hacking breaches are caused by compromised passwords.

Two major password attack styles are so easy to pull off that every netizen should be aware of them. These are the brute force and dictionary password attacks.

Brute Force Password Attack

A brute force password attack is where the hacker tries to guess your password by trying every possible combination of words and letters. It mostly involves using computers with powerful processing speeds that can try an astonishing number of password combinations over a long period of time until one of them is right.

Depending on the length of the password and the type of input (words, numbers, symbols, or a combination of everything), cracking it can take anywhere from a couple of seconds to some months. A very lengthy password can be an effective deterrent to brute force hacking because it significantly increases the time needed to crack the password.

It is important to note that the password length is only effective when numbers, symbols, and words (in both upper and lower case) are used to create such a password. Using just one type of input makes the password more vulnerable, especially when names or dictionary words are included in the password.

Brute force password attacks are really scary because, despite being quite an old-school technique, they still work on many online platforms that don’t have any measures in place to tackle them. They work even more efficiently on offline applications and documents, where limits on password tries and other cybersecurity measures can’t be adequately implemented or enforced.

Dictionary Password Attack

Dictionary password attacks are similar to brute force attacks. Some might go so far as to say that dictionary password attacks are an extension of brute force attacks owing to their similarities. A dictionary password attack is more calculated in that it makes use of dictionary words or a select list of likely passwords and uses those to try to crack a user’s password.

Dictionary password attacks are a lot faster than brute force attacks because they rely on an understanding of user password behavior. As established earlier in this article, netizens aren’t very creative or security conscious when choosing a password for their account(s).

Dictionary password attacks are a lot scarier than brute force attacks, especially when you consider that there are readily available comprehensive lists of commonly used passwords that track user behavior. Similarly, usernames and passwords released after past successful hacks have exposed passwords that are still in use. There is an implicit and explicit burden placed on netizens to create better passwords now.
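The two exposures described above (search space set by length and input types, and reducibility to a listed word) can be checked when a password is chosen. The sketch below is an added example, not code from the article; the blocklist is a constructed sample and the guessing rate is an assumed figure.

```python
import math
import string

# Constructed sample blocklist (assumption); a real check would load a
# large list of common and previously breached passwords.
COMMON = {"123456", "password", "qwerty", "letmein", "dragon"}

# Map common character substitutions back to letters before the lookup.
LEET = str.maketrans("013457@$!", "oieastasi")

# Character classes whose sizes add up to the search alphabet.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def keyspace_bits(password):
    """Bits of exhaustive-search space implied by length and classes used."""
    alphabet = sum(len(cls) for cls in CLASSES
                   if any(ch in cls for ch in password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0


def dictionary_hit(password):
    """True if the password reduces to a blocklisted word."""
    base = password.lower()
    # "dragon2024!" style: drop trailing digits and symbols.
    stripped = base.rstrip(string.digits + string.punctuation)
    return any(c in COMMON or c.translate(LEET) in COMMON
               for c in (base, stripped))


def assess(password, guesses_per_second=1e10):
    """Summarise exposure to both attack styles.

    guesses_per_second is an assumed offline guessing rate, not a
    figure from the article.
    """
    bits = keyspace_bits(password)
    return {
        "bits": round(bits, 1),
        "avg_seconds_brute_force": 2 ** bits / 2 / guesses_per_second,
        "in_dictionary": dictionary_hit(password),
    }
```

A password such as "P@ssw0rd!" uses all four input types and still comes back with in_dictionary set, which is why the keyspace figure alone is not a measure of strength.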

Minimizing Your Exposure

Cybersecurity experts are beginning to understand that it is easier to make it harder for hackers to gain access to user accounts than it is to make netizens improve their password setting behavior. As such, new protocols have been implemented to help ensure user accounts remain protected, such as:

1. 2FA (Two Factor Authentication) 

2FA has become quite popular because of its efficiency. It involves verifying the user of an account after a password has been input by sending a verification text to the user’s email or phone number. Netizens must enable this feature on their accounts.

2. TypingDNA

TypingDNA is a new feature that is beginning to appear on different web platforms. It can be quite effective in reducing the success rate of brute force and dictionary password attacks. Where possible, opting for it can be beneficial.

3. Password Length

Ensuring that you use passwords that are at least eight characters long with a combination of uppercase letters, lowercase letters, numbers, and an alphanumeric key can make brute force and dictionary password attacks a futile attempt.

4. CAPTCHA

While many users find this particular feature annoying, it is a rather effective deterrent to a lot of bots that roam the internet, harvesting data. By ensuring that every perceived user takes the CAPTCHA test, brute force and dictionary password attacks lose their use case, as the biggest reason hackers use them is that they can be automated.

5. User Lockout Configuration

This feature can be very annoying if you’re someone who is very forgetful. It does have its benefits as it is arguably the biggest deterrent to brute force and dictionary password attacks. User lockout configuration limits user password tries so that when someone exceeds the number of tries, the user is restricted from accessing the account for a period of time, effectively preventing unlimited password tries.

6. Password Manager

One major reason why passwords can be easily compromised is that people are known to reuse their passwords. The average person reuses the same password as many as 14 times. Many cite the fear of forgetting their passwords as a reason for reusing them. This is why password managers are a solution, as they are a secure way to store passwords.

Most people already use password managers without knowing it. A popular example is Google’s password manager that helps you by recommending strong passwords and storing them on your behalf. You don’t have to remember it, yet it makes it available whenever you’re trying to log into that platform while you’re signed in to your Google account and using a Google browser or platform.

Final Thoughts

A lot of thought has to go into accessing the internet. The average netizen is bombarded with so much advertising that we default to reflex responses—agreeing to terms we don’t read, and giving our data out and hoping for the best among others. It is, however, important that we use only secure digital infrastructures that go the extra mile to protect our data through the use of features like 2FA and user lockout configuration to deter hackers from exploiting lapses in our password habits. Choosing to use only cyber security-conscious platforms will help you sleep soundly, knowing that it is highly unlikely that someone will hijack your user details and identity.