DNS Checker(beta)

Brute-Force Attack

An attack that tries every possible password, key, or input until the correct one is found. It is defeated by sufficient entropy plus rate limiting.

A brute-force attack systematically enumerates candidates (passwords, encryption keys, TOTP codes, API tokens) until one works. Online brute force runs against a live service and is defeated by account lockouts, rate limiting, and CAPTCHA; offline brute force runs against a stolen password hash and is defeated by high entropy plus a slow hash like Argon2id or bcrypt. Dictionary attacks are a targeted variant that tries common passwords first. The math is brutal: a 6-character lowercase password falls in seconds on a GPU, while a 20-character random passphrase is computationally infeasible to crack today.
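The arithmetic behind that comparison, as an added example (not part of the original glossary entry) that a defender can use to size password policy. The guess rates, the 5-per-minute limit, and the choice of a lowercase alphabet for the 20-character case are assumptions picked for illustration, not figures from this page.

```python
import math

# Assumed guess rates in guesses/second (illustrative, not measured).
RATES = {
    "offline, fast hash on GPU": 1e10,
    "offline, slow hash (Argon2id/bcrypt)": 1e4,
    "online, rate limited to 5/minute": 5 / 60,
}

# (label, alphabet size, length); lowercase-only alphabets are an assumption.
CASES = [
    ("6 chars, lowercase", 26, 6),
    ("20 chars, random lowercase", 26, 20),
]

def keyspace(alphabet_size, length):
    """Number of candidates an exhaustive search has to cover."""
    return alphabet_size ** length

def entropy_bits(alphabet_size, length):
    """Entropy of a uniformly random secret, in bits."""
    return length * math.log2(alphabet_size)

def seconds_to_exhaust(alphabet_size, length, guesses_per_second):
    """Worst-case time to try every candidate; the average is half this."""
    return keyspace(alphabet_size, length) / guesses_per_second

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    units = (("years", 31_557_600), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.3g} seconds"

def report(cases=CASES, rates=RATES):
    """One row per (secret, scenario): label, scenario, worst-case time."""
    return [
        (label, scenario, humanize(seconds_to_exhaust(alphabet, length, rate)))
        for label, alphabet, length in cases
        for scenario, rate in rates.items()
    ]

if __name__ == "__main__":
    for label, alphabet, length in CASES:
        print(f"{label}: {entropy_bits(alphabet, length):.1f} bits")
    for label, scenario, duration in report():
        print(f"{label:28} {scenario:38} {duration}")
```

Under these assumptions the same 6-character password that lasts a fraction of a second offline takes over a century to enumerate through a rate-limited login, which is why the two defenses are listed together.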
