A brute-force attack is repeated trial-and-error guessing of a secret value until one attempt succeeds. The target may be a password, API key, PIN, or session token. Attackers automate the process and can make thousands or millions of requests, especially when the secret space is small or predictable.
In cyber security, brute force matters because weak authentication is often easier to break by guessing than by exploiting code. It becomes more dangerous when the value has low entropy, when there are no rate limits, or when responses reveal which guesses are valid. In real attacks, brute force can lead to account takeover, token hijacking, or unauthorized access to web management interfaces. Defenses include strong randomness, long secrets, lockouts, rate limiting, monitoring, and network segmentation so exposed services are harder to reach.