---
type: "term"
title: "Brute-Force Attack"
description: "A method of systematically trying all possible credential combinations (passwords, PINs, encryption keys) to gain unauthorized access."
resource: "tlctc:term:brute-force-attack"
tags:
  - "glossary"
---
# Brute-Force Attack

A method of systematically trying all possible credential combinations (passwords, PINs, encryption keys) to gain unauthorized access. In TLCTC: maps to `#4 Identity Theft` — the attacker is attempting to derive and use credentials to impersonate a legitimate identity. The generic vulnerability exploited is weak credential protection (e.g., lack of account lockout, short password requirements).

**Reference:** V1.9.1 Buzz-Word Refinement (#4)

See also: Identity Theft (#4), Password Spraying, Credential / Identity Artifact