Press "Enter" to skip to content

Brute-force attack – demo

What is a brute-force attack? Simplified, it’s actually trying out all possible combinations of characters to break the password. It’s time consuming, so it’s inefficient for long passwords.
How long it would take to calculate it here.
Try with the short passwords in the demo below. The procedure is as follows:

  1. You can choose your username and password (only lowercase letters and up to three characters long), then click the “Register” button. This simulates registration on a server (the name and password are stored in the database).
  2. Click the “Run” button: this will trigger the attack – the program tests the character combinations in the “Password” field in the “Login” section (simulation of the login form).
  3. Once you’ve found the combination, you can try logging in with the “Login” button.

Basic info about creating passwords below.


Choose username:

Password (max. 3 lowercase letters)

* Brute-force attack is time and resources consuming, it would take too long in the web browser





Server database




Basic rules for safer password

  • As long as possible
  • Upper- and lower-case letters, numbers and special characters
  • Random
  • Unique for each service
How to?
  • Password generator
  • Diceware
  • Password manager
  • Multifactor authentication
In case you don't know how to set up these, come to Digital self-defense workshop or meet in person for consultancy