# Brute Force Attacks and Why You Should Have a Complex Password

By: Daelphinux

February 1, 2016

The standard brute force attack is fairly simple. An attacker, in an attempt to discern a password, simply guesses every possible password until they stumble upon the right one. Although this is considered a weak form of attack, it's still a plausible one in many situations.To really understand how it works, however, one has to have a grasp of the math of combinations and how passwords work in general. Additionally, because of some quirks of linguistics, a simple modification can make this attack far more effective.This bit is going to sound a bit "mathy," but pay attention because it will all make sense. For a given length and character set there are a finite number of possible orderings of characters in a string. Essentially, if you know that something has to be between three and four characters in length and is limited to using trinary (0,1,2), there are only so many possible combinations. For instance:

0000, 0001, 0002, 0003, 0010, 0020, 0030, 0011, 0012, 0013, 0021, 0022, 0031, 0032… 3333

AND

000, 001, 002, 010, 011, 012, 020, 021, 022, 100… 333