A brute force attack is when somebody tries to figure out a password by trying every possible combination of letters, numbers, and symbols until he discovers the right one. The tools that attackers use to carry out brute force attacks usually use a list of usernames and a large dictionary of passwords. The tool tries the first password in the list with the first username, and then tries every password for every user until it finds a match. If done exhaustively, by trying every possible combination of usernames and passwords, brute force attacks always work. However, it could take years to find the correct combination, depending on the length and complexity of the password.
Choose strong passwords: Passwords that are dictionary words, have fewer than seven characters, or are easy to guess are vulnerable to password cracking. A strong password is at least eight characters long and has a combination of upper/lower case letters, numbers, and special characters (e.g., #, !, *). The longer your password, the longer it will take a brute force tool to guess it.
Change your password frequently: You should change your password at least once every six months.
Lock out accounts after multiple failed password attempts: If you own a Web site, lock out user accounts once a user has tried a certain number of incorrect passwords.