A Brute-force attack is when the attacker will try a set of combinations to try to get into an account.
An attacker will use known passwords, dictionaries, numbers, a combination of letters and words, to crack the password.
The stronger the attacker has computer power, the more combinations it can execute on a given time.
Some companies to avoid such attacks will make the login rest for a couple of seconds, or even minutes in case a wrong password is inputted.
There are many programs to brute force passwords, and they are relatively simple to use.
How to protect
The owner and responsible for services that we use online (like Facebook, Google, etc.) are responsible for protecting us.
Still, there are things that we can do to protect our accounts better.
It is creating one password that is specific for each account, again much better if handled by the password manager.
A password hard to crack, best if managed by the password manager
It is the best security measure for your passwords. Takes away the complexity of managing the all and will create unique and robust passwords automatically for any given account.
Two-factor authentication (2FA) is an additional layer of protection beyond your password. It significantly decreases the risk of a hacker accessing your online accounts by combining your password (something you know) with a second factor, like your mobile phone (something you have).