A method, computer program product, and system for dynamic change of a password under a brute force attack. A computer processor monitors a password protected account. A frequency of access attempts to the account is determined and in response to the frequency of access attempts exceeding a first threshold, a brute force password attack against the account is determined. A quantity of consecutive unsuccessful access attempts is tracked and responsive to the unsuccessful access attempts exceeding a second predefined threshold, a new password of the account is acquired, in which the new password follows a more complex set of password generation rules than the current password. An encrypted message regarding the new password is sent to a user of the account, the password of the account is reset to the new password, and the quantity of consecutive unsuccessful attempts to access the account is reset to zero.