Why do passwords need to be so complex and changed often? When I enter an incorrect password, I usually get an email about it being incorrect and after a few tries, get locked out. If someone was trying to log on, wouldn’t they run into these issues or can they bypass it somehow?
In: 1
For someone trying to brute force passwords there are 2 possible ways to do it:
Try lots of different passwords on the same account.
Rules that lock the account after a set number of failed attempts help prevent this.
Try a commonly used password on lots of different accounts
Locking individual accounts doesn’t help much here: if they only try one or two common passwords it’ll never hit the limit on any one account.
Latest Answers