Among the countermeasures for brute force attacks such as Two-Factor Authentication (2FA), salting, login throttling, key stretching, or Complex password. Which would be the most effective against brute force attacks?
Two-Factor Authentication (2FA) requires having an additional login credential to password. Which is something you know (your password) plus something you have such as tokens.
Key stretching makes a password more secure against a brute-force attack by increasing the time and effort to break the password.
Login throttling denies a user from attempting logins after a certain number of failed attempts.
Salting is the addition of random characters to passwords before hashing, it does not protect against brute force attacks.
Therefore, two-factor authentication (2FA), Key stretching, and limited login (login throttling) are good countermeasures for brute force attacks. Complex passwords can help, but will finally be broken.