Facebook Pixel

How do you prevent brute-force password attacks?

Rate limit login (5 attempts per 15 min per IP and per email). Lock the account temporarily after too many failures. Use a slow hash (bcrypt, argon2) so each attempt is expensive for attackers.

Verify This Answer

Cross-check this information using these trusted sources:

More FAQs in Password Security Interview Questions and Answers

Because if the database is leaked, plain-text passwords expose every user. People reuse passwords, so one leak breaks other accounts. Hashing turns passwords into irreversible strings, so a leak does not reveal the passwords.

SHA-256 is a fast hash, not a password hash. Fast means brute-forcing a list of hashes is fast. bcrypt is slow on purpose and has a salt built in, making brute-force expensive.

A random value added to the password before hashing. It ensures two users with the same password get different hashes. Prevents rainbow table attacks. bcrypt and argon2 handle salting automatically.

Still have questions?

Browse all our FAQs or reach out to our support team

Want to upskill yourself?

Our courses are taking a Coffee break, but your curiosity shouldn't. Stay engaged with namastedev linkedin, youtube, discord and other resources while you wait.

0
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.
Please Login.