1
00:00:00,610 --> 00:00:01,840
Brute force attacks?
2
00:00:02,590 --> 00:00:09,220
Well, first of all, what is it? A brute force attack is an attempt using trial and error to crack
3
00:00:09,220 --> 00:00:14,160
a password and username, find a hidden URL, an encryption key and so on.
4
00:00:14,170 --> 00:00:15,680
It's probably not very clear.
5
00:00:15,700 --> 00:00:19,710
So let's see a simple example from the non-digital world.
6
00:00:20,050 --> 00:00:23,990
We have this lock that has ten thousand maximum combinations.
7
00:00:24,460 --> 00:00:30,740
This means that if we try them one by one, we will eventually find the right key that unlocks it.
8
00:00:31,250 --> 00:00:32,980
Imagine that this is your password.
9
00:00:33,310 --> 00:00:36,670
That, of course, has many more possible combinations.
10
00:00:36,970 --> 00:00:43,330
But instead of having two hands, we have quite some advanced computing power that can calculate possible
11
00:00:43,330 --> 00:00:45,070
solutions at a very high rate.
12
00:00:45,760 --> 00:00:50,860
This is a very simple example of how trial and error works and how to crack a lock.
13
00:00:51,070 --> 00:00:55,930
But let's get back to our digital world and see what types of brute force attacks are out there.
14
00:00:56,290 --> 00:00:58,400
We have six main categories.
15
00:00:58,840 --> 00:01:00,830
The first one is a simple brute force attack.
16
00:01:01,240 --> 00:01:06,400
This uses a systematic approach to guess that doesn't rely on outside logic.
17
00:01:07,450 --> 00:01:14,890
Second, hybrid brute force attacks. These start from external logic to determine which password variation
18
00:01:14,890 --> 00:01:21,040
may be most likely used to succeed and then continues with the simple approach to try many possible
19
00:01:21,040 --> 00:01:21,760
variations.
20
00:01:22,480 --> 00:01:24,340
Third, dictionary attacks.
21
00:01:25,060 --> 00:01:30,730
This guesses usernames and passwords using a dictionary of possible strings or phrases.
22
00:01:31,890 --> 00:01:39,270
Fourth, rainbow table attacks. A rainbow table is a precomputed table for reversing cryptographic
23
00:01:39,270 --> 00:01:45,570
hash functions. It can be used to guess a function up to a certain length consisting of a limited set
24
00:01:45,570 --> 00:01:46,440
of characters.
25
00:01:47,380 --> 00:01:54,610
Fifth, reverse brute force attack. This uses a common password or collection of passwords against many
26
00:01:54,610 --> 00:02:01,290
possible usernames. It targets a network of users for which the attackers have previously obtained data.
27
00:02:02,050 --> 00:02:10,390
Sixth, credential stuffing. This uses previously known password-username pairs, trying them against multiple
28
00:02:10,390 --> 00:02:16,480
websites. It exploits the fact that many users have the same username and password across different systems.
29
00:02:16,930 --> 00:02:21,490
Now that you have an idea about what brute force is and what are the types of attacks.
30
00:02:22,030 --> 00:02:26,480
Let's get back to some scenarios that you can apply as a home user.
31
00:02:27,220 --> 00:02:34,220
We will see how you can secure your passwords and how you can protect against possible attacks.
32
00:02:34,870 --> 00:02:36,770
How secure is a password?
33
00:02:37,270 --> 00:02:41,980
This is the average computer time in which a password can be brute forced.
34
00:02:42,640 --> 00:02:48,460
And this is quite interesting because a simple password like admin can be roughly cracked in around
35
00:02:48,460 --> 00:02:49,210
eight seconds.
36
00:02:49,870 --> 00:02:58,870
But a complex password that has multiple types of characters can take up to some months or even centuries.
37
00:02:59,890 --> 00:03:08,320
And now let's see, based on this, what the best practices are. We compiled a list of six recommendations
38
00:03:08,320 --> 00:03:09,390
that we wanted to give you.
39
00:03:09,730 --> 00:03:12,080
First, use a password manager.
40
00:03:12,580 --> 00:03:16,920
This will actually help you for the other five items from our list.
41
00:03:17,680 --> 00:03:23,050
We're going to leave in the brute force document from the resources a link with all the free and paid
42
00:03:23,050 --> 00:03:24,100
password managers.
43
00:03:24,640 --> 00:03:29,360
Second, use a minimum password length of twenty or more characters if permitted.
44
00:03:29,370 --> 00:03:35,270
Third, include lowercase and uppercase, alphabetical characters, numbers and symbols if permitted.
45
00:03:35,410 --> 00:03:38,850
Fourth, generate passwords randomly when possible.
46
00:03:38,860 --> 00:03:45,040
Here is also where the password manager can help since they can generate passwords based on different
47
00:03:45,040 --> 00:03:46,300
options that you can select.
48
00:03:46,300 --> 00:03:52,450
Fifth, avoid using the same password twice across multiple user accounts and/or software systems.
49
00:03:52,750 --> 00:03:53,680
As we saw earlier.
50
00:03:53,890 --> 00:03:59,950
If a database is hacked and your username and password combination is there, the hackers will try those
51
00:03:59,950 --> 00:04:03,480
combinations on multiple platforms to see if they get a match.
52
00:04:03,590 --> 00:04:11,200
Sixth, avoid character repetition, keyboard patterns, dictionary words, letter or number sequences.
53
00:04:11,200 --> 00:04:17,560
Avoid using information that the user's colleagues and/or acquaintances might know to be associated
54
00:04:17,560 --> 00:04:24,060
with the user, such as relatives' or pet names, romantic links and biographical information.
55
00:04:25,800 --> 00:04:31,290
And now that you have all this information, let's have a fun workshop. Go to the link in the slide
56
00:04:31,290 --> 00:04:35,460
and play with passwords to see how fast you can brute force them.
57
00:04:35,520 --> 00:04:39,710
However, we don't recommend using your real passwords.
58
00:04:39,960 --> 00:04:41,010
Try to keep it safe.
59
00:04:41,870 --> 00:04:47,630
And with this, we conclude our brute force lesson. We hope that we provided some interesting information
60
00:04:47,630 --> 00:04:52,310
and please find the links discussed here in the brute force text file from the resource section.
61
00:04:52,340 --> 00:04:52,900
Thank you.
62
00:04:52,910 --> 00:04:54,590
And see you soon in our next chapter.