For someone trying to brute force passwords there are 2 possible ways to do it:
Try lots of different passwords on the same account.
Rules that lock the account after a set number of failed attempts help prevent this.
Try a commonly used password on lots of different accounts
Locking individual accounts doesn’t help much here: if they only try one or two common passwords it’ll never hit the limit on any one account.
Latest Answers