A
brute force attack tries every possible password combination until finding the correct one. Speed depends on password length, complexity, and computational power.
Defense: long complex passwords make brute force impractical. Account lockout policies limit online attacks. Key stretching (bcrypt) slows offline attacks. MFA defeats brute force even if password is found.