What type of attack attempts to guess passwords by trying every possible combination of characters?

A brute-force attack is a method used to guess passwords by systematically attempting every possible combination of characters until the correct one is found. This approach relies on the computational power available to the attacker and the time it takes to check each potential password against the target system. Brute-force attacks can be effective against weak passwords or when no account lockout policies are in place to mitigate such attempts.

In contrast, a dictionary attack involves using a list of likely passwords or common phrases, rather than trying every possible combination. Social engineering refers to manipulating individuals into divulging confidential information, which is unrelated to the technical process of guessing passwords. Credential stuffing involves using stolen credentials from one service to gain unauthorized access to accounts on different services, relying on the common practice of users reusing passwords across multiple sites. Each of these methods has distinct characteristics that differentiate them from a brute-force attack.