What is a Brute Force Attack?
Turkish: Brute Force Saldırısı
A brute force attack tries many password or key combinations automatically until one works, often targeting login and admin panels.
What is a Brute Force Attack?
A brute force attack attempts to discover a password, PIN, API key, or encrypted value by trying many possible combinations automatically. The attacker is not relying on insight; they are relying on volume.
The simplest form tests random password combinations. More practical attacks use dictionary lists, previously leaked passwords, or known username-password pairs. Login forms, admin panels, SSH services, and API authentication endpoints are common targets.
Risk and Protection
Brute force attacks can lead to account takeover, unauthorized data access, and service disruption. Weak passwords increase the risk, and reused passwords make the impact wider across systems. A strong password policy helps, but it is not enough if attackers can make unlimited attempts.
Protection usually combines rate limiting, temporary lockouts by account or IP, bot detection, breached password checks, centralized logging, and alerting. 2FA adds a second verification layer, reducing the damage even when a password is guessed or reused.
Lockout rules must be designed carefully because aggressive blocking can also affect real users. Security controls should be tested with support flows, monitoring, and anomaly detection in mind.
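An added example (not part of the original glossary entry) of the temporary lockout by account or IP described above, written as a sliding-window throttle in Python. The class name, the limits, and the sample addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window failure counter with temporary lockouts per account and per IP."""

    def __init__(self, acct_limit=5, ip_limit=20, window=300, lockout=900):
        # Illustrative limits; the IP limit is looser because users share addresses (NAT).
        self.limits = {"acct": acct_limit, "ip": ip_limit}
        self.window = window                  # seconds in which failures are counted
        self.lockout = lockout                # seconds a key stays blocked
        self.failures = defaultdict(deque)    # key -> failure timestamps
        self.locked_until = {}                # key -> unlock time

    def _keys(self, username, ip):
        # Normalise the username so "Alice" and "alice " share one counter.
        return [("acct", username.strip().lower()), ("ip", ip)]

    def retry_after(self, username, ip, now):
        """Seconds the caller must wait before another attempt; 0 if allowed."""
        return max(max(0, self.locked_until.get(k, 0) - now)
                   for k in self._keys(username, ip))

    def record(self, username, ip, success, now):
        """Register the outcome of an attempt that was allowed through."""
        acct_key, ip_key = self._keys(username, ip)
        if success:
            # Clear only the account counter so one valid login cannot reset the IP budget.
            self.failures.pop(acct_key, None)
            return
        for key in (acct_key, ip_key):
            q = self.failures[key]
            q.append(now)
            while q and q[0] <= now - self.window:
                q.popleft()                   # drop failures outside the window
            if len(q) >= self.limits[key[0]]:
                self.locked_until[key] = now + self.lockout
                q.clear()                     # the lock expires by itself

def simulate(throttle, attempts):
    # Replay (time, username, ip, password_ok) tuples and return each decision.
    out = []
    for t, user, ip, ok in attempts:
        wait = throttle.retry_after(user, ip, t)
        if wait:
            out.append(("blocked", wait))     # rejected before the password is checked
        else:
            throttle.record(user, ip, ok, t)
            out.append(("ok" if ok else "fail", 0))
    return out
```

The lock expires on its own and the IP limit is looser than the account limit, so a mistyped password or a shared address costs a real user a wait rather than a permanent block.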
Related Terms
2FA: 2FA adds a second proof, such as an authenticator app, SMS code, or security key, on top of a password during sign-in.
Credential Stuffing: Credential stuffing is an account takeover attack that automatically tests leaked usernames and passwords across many services.
Rate Limiting: Rate limiting protects APIs by capping how many requests a user, IP address, or token can send within a defined time window.