How to protect your network device from a brute-force attack
A brute-force attack is one of the methods for an unauthorized user to gain access and control of a password-protected device. The aim of this FAQ is to provide an overview of this attack method, as well as ways to ensure protection from it.
The basic principle of the brute-force attack is to continually guess the username and password for a device. After purchasing a network device like a router, some customers may prefer to use the default login username and password, (e.g., “admin/admin,” “admin/123456,””admin/111111").
To gain access to a networking device, an attacker can embed codes and scripts into malicious websites or software. If customers click on these websites or download the malicious software, the codes and scripts will run in the background, constantly guessing the device login username and password without the customer's knowledge. After correctly guessing the username and password, an attacker can log into the router and change any of its settings.
The most effective way to avoid a brute-force attack is to avoid using the networking device's default login name and password, as these are easily guessed in such an attack. Instead, create a complex username and password, consisting of a combination of lower and uppercase letters, numbers and special characters. With a unique, complex username and password, a brute-force attack is much less effective, thus preventing an attacker from gaining access to the network device.
Currently, some of our products have already adopted a new web user interface, which has a new password evaluation system that advises customers to set up a new username and password when they log in the web management page for the first time. This system will automatically evaluate the strength of the password, as shown below:
This evaluation system will grade your password as Low, Middle or High.
Low: The new password only contains figures or letters
Middle: The new password is of adequate length and contains a combination of letters and numbers
High: The new password is of adequate length and contains a combination of lower and uppercase letters, numbers and special characters.
More products will adopt this new password evaluation mechanism in the near future. For those products which haven’t adopted this system, customers are still encouraged to change their login username and password to one with a unique combination of lower and uppercase letters, numbers and special characters. This will effectively protect their network devices from possible attacks.
For added security, our products also feature a protection mechanism to prevent continuous username and password guessing. After multiple failed login attempts, the router will be temporarily locked. This will stop the practice of continuous guessing further preventing unauthorized access to the networking device.
Is this faq useful?
Your feedback helps improve this site.
TP-Link Community
Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.