What immediate measure should a software company consider to combat ongoing brute force attacks on its customer portal?

• A. Improve customer password complexity
• B. Implement CAPTCHA for the login process
• C. Increase the number of admin accounts
• D. Utilize biometric login features

Answer: (B)

Implementing CAPTCHA for the login process is a highly effective immediate measure against brute force attacks. Brute force attacks involve repeatedly attempting to gain access to accounts by systematically trying numerous password combinations until the correct one is found. By adding CAPTCHA, the company introduces a requirement that must be satisfied before the user can attempt to log in. This typically involves solving a problem, such as identifying objects in images or entering distorted text, which automated scripts find difficult or impossible to complete successfully.

This action slows down or may completely thwart automated attack tools, thereby reducing the likelihood of a successful brute force attempt. Additionally, it can help to differentiate between genuine users and bots attempting to gain unauthorized access. Because brute force attacks rely on speed and volume, implementing measures that force a pause or require human interaction can significantly defend against such threats.

In contrast, while improving customer password complexity enhances security in the long run, it may not provide immediate resistance against current ongoing attacks. Increasing the number of admin accounts does not address the issue at hand and could potentially complicate security further. Utilizing biometric login features is a more advanced measure and may not be immediately feasible or appropriate for all user bases. Therefore, implementing CAPTCHA stands out as a practical, immediate defense against ongoing brute force attacks.