How to prevent brute force attacks

How to prevent brute force attacks

It is very simple to prevent brute-force cracking. Whether it is a B/S architecture or a C/S architecture, the following points are summarized below.
 
1. complexity of passwords
There is no doubt that the password settings must be complex. This is the most basic and lowest-layer line of defense. password settings must have a policy:
 
① For important applications, the length of the password should be more than 6 digits, and the password should be between 8 digits and 12 digits.
 
② Do not use your mobile phone number, email address, or other key "Features" as passwords.
 
③ The user name and password cannot be connected. For example, the user name is "admin" and the password is "admin7758521 ".
 
④ The above three points are not enough. For example, passwords such as "12345678", "222222222", and "11111111" have enough length, but they are extremely dangerous because they are weak passwords. These passwords are generally included in the dictionary of attackers. Therefore, you must increase the complexity of the password. For example:
· At least one lowercase letter (a-z)
· At least one uppercase letter (A-Z)
· At least one number (0-9)
· At least one special character (* & ^ % $ #@!)

If you feel that your password is strong enough, let the attacker attack for several years. Although this is just a joke, it also shows the importance of the password policy and the password is complex, it is not only used to prevent brute-force cracking, but also to prevent other attacks, such as MD5 password cracking. Your password is complex enough. It is also difficult to decrypt Protocol 5.
 
2. Verification Code measures

CAPTCHA is short for "Completely automatic Public Turing test to tell Computers and Humans Apart" (a Completely Automated Turing test that distinguishes Computers from Humans, it is a public, fully automated program that distinguishes users from computers and people.
 
The verification code can effectively prevent: Malicious password cracking, ticket refreshing, Forum bumping, etc. It can be said that the most important thing about the verification code is to prevent robots, as shown in figure. It is a user registration page. After the verification code is embedded, it can effectively prevent robot registration (robots usually post some advertisement posts after registration, illegal stickers ).