This chapter covers brute‐force attacks against the underlying technology of multifactor authentication (MFA) solutions. Brute‐force attacks are considered the most primitive type of cyberattack. Attackers using the brute‐force method can have great increases in speed by randomly guessing among the total population of possible guesses. The chapter discusses two main ways to conduct brute‐force attacks: manual brute‐force guessing and automated brute‐force guessing. It presents some real‐world brute‐force attack examples, including one‐time password bypass brute‐force test, instagram MFA brute‐force, Slack MFA brute‐force bypass, android MFA brute‐force, and unlimited biometric brute‐forcing. The chapter explores some developer and user defenses against brute‐force attacks. Most of the controls are developer‐focused and the end user's risk is mostly controllable only by the MFA solution vendor.