“…A brute force attack on KBA is the act of trial and error to gain access via trying multiple combinations of passwords. There are different forms of brute force attack on KBA including offline cracking attack (taking a password from a password storage file that has been recovered from the system) (Blocki, Harsha, & Zhou, 2018), letter frequency analysis attack (replace popular letters in ciphertext with common letters in the used language) (CRYPTO-IT, 2020), or targeted brute force attacks which primarily use input dictionary creation programs and password guess generators (to target other accounts with previously compromised account details) (Tools, n.d.) (Salamatian, Huleihel, Beirami, Cohen, & Médard, 2020). Another form of brute force attack on KBA is rainbow table attack which enables the recovery feasibility of long, human chosen passwords, which computes hashes of the large set of available strings, rather than specifically calculating a hash function for every string present and comparing them to the target (ParthDutt, n.d.) (Marforio, Masti, Soriente, Kostiainen, & Capkun, 2016) (L. Zhang, Tan, & Yu, 2017).…”