📚 Knowledge Library — Topic 5.5C — Internet & Security

Password Security Explained Simply

Learn how brute force attacks try to break into accounts, and how strong passwords, two-factor authentication and biometrics help protect users.

1. Invitation

Accounts need more than a simple lock.

Passwords are used to stop unauthorised people accessing accounts and systems.

But a weak password is like a weak lock. If it is easy to guess, it does not protect very much.

💡 Key idea: password security is about making accounts harder to guess, harder to break into, and easier to verify safely.
Figure 1.1
Account Protection
Account

Password

Access allowed
or blocked
2. Big Idea

A brute force attack tries lots of passwords.

A brute force attack is when an attacker tries to guess a password by repeatedly trying different combinations.

This can be done manually, but it is often done automatically using software.

💡 Brute force = repeatedly trying different passwords until the correct one is found.
Figure 2.1
Brute Force
Password 1

Password 2

Password 3

Keep trying
3. FutureLogic Bridge

Think of a thief with a giant keyring.

Imagine a thief trying every key on a huge keyring until one opens the door.

A brute force attack works in a similar way. It keeps trying possible passwords until one works.

💡 Bridge: brute force is not clever guessing. It is repeated trying.
Figure 3.1
Keyring Model
Key 1 ❌
Key 2 ❌
Key 3 ❌

Correct key ✅
4. Strong Passwords

A strong password is harder to guess.

A strong password usually has more characters and uses a mixture of letters, numbers and symbols.

The more possible combinations there are, the harder it becomes for a brute force attack to succeed.

Weak passwordStronger password
shortlonger
common wordless predictable
letters onlyletters, numbers and symbols
Figure 4.1
Stronger Lock
Longer password
+
More character types

Harder to guess
5. Limiting Login Attempts

Stopping repeated guesses helps stop brute force.

One useful defence is to limit the number of login attempts.

If the system locks the account after several wrong attempts, the attacker cannot keep trying thousands of passwords.

🎯 Exam Tip: for brute force prevention, remember: strong passwords, 2FA, biometric authentication, and limiting the number of login attempts.
Figure 5.1
Attempt Limit
Wrong attempt 1
Wrong attempt 2
Wrong attempt 3

Account locked
6. Two-Factor Authentication

Two checks are safer than one.

Two-factor authentication, or 2FA, requires two different checks before access is granted.

For example, a user may enter a password and then enter a code sent to their phone.

💡 2FA means an attacker needs more than just the password.
Figure 6.1
Two Checks
Password
+
Phone code

Access granted
7. Biometrics

Biometrics use something about the person.

Biometric authentication uses a physical characteristic, such as a fingerprint, face or iris scan.

This can be more secure than a PIN because it cannot easily be guessed, seen over someone's shoulder, or recorded by a keylogger.

Biometric exampleWhy it helps
FingerprintDifficult to fake
Face recognitionLinked to the user
Iris scanUnique physical feature
Figure 7.1
Biometric Check
Fingerprint

Identity checked

Access decision
8. Worked Example

Give a defence and explain why it works.

Exam questions often ask for a security method and a reason. Naming the method alone may not be enough.

Question

Give one method that can help prevent a brute force attack and explain how it helps.

Model answer: "Limiting the number of login attempts can help prevent a brute force attack because the attacker cannot keep repeatedly trying different password combinations."
Figure 8.1
Exam Structure
Name method
+
Explain why

Fuller answer
9. Common Mistake

Do not just list security methods.

Students often know the security methods but lose marks because they do not explain them clearly.

⚠️ Common Mistake:

Student answer: "Use biometrics."

❌ Too short. It names a method but does not explain why it is secure.

Better answer: "Biometric authentication uses a unique physical characteristic, such as a fingerprint, which is difficult to guess or copy."
Figure 9.1
Better Wording
Weak answer
name only



Better answer
name + why
10. Summary

Password security in one screen.

A brute force attack repeatedly tries different password combinations until the correct one is found.

Strong passwords, limited login attempts, two-factor authentication and biometric authentication all make unauthorised access harder.

The best answers explain both the method and why it helps protect the account.

💡 Final thought: good security adds extra barriers so one weak password does not become an easy way in.
Figure 10.1
Layered Security
Strong password
+
2FA
+
Biometrics

Better protection