This is a method for guessing a password (or the key used to encrypt a message) that involves systematically trying all possible combinations of characters until the correct one is found. This could take a very long time, so one alternative is to use a dictionary attack, although this only works if someone has used an everyday word as a password – rather than using a combination of letters, numbers and non-alpha-numeric characters. One way to reduce the susceptibility to a brute-force attack is to limit the number of permitted attempts to enter a password – for example, by allowing only three failed attempts and then permitting further attempts only after 15 minutes.