Brute Force

A brute-force attack simply tries every possibility until one works; a dictionary attack narrows that to likely words, and credential stuffing reuses username/password pairs leaked from other breaches (devastating against password reuse). Defenses stack: account lockout and rate limiting slow online guessing, strong/long passwords and slow hashing (bcrypt/Argon2) blunt offline cracking, and MFA makes a guessed password insufficient on its own.