If someone (call him Dave) chooses a weak password for a website, say one of many thousands of easily hacked passwords like “123454321AbC” how is a a hacker able to access the Dave’s account on the site?
Because there are a LOT of weak passwords. Why wouldn’t relative obscurity save this user if the website adopted a simple, well-known process in which, say, 4 wrong entries of a password disables the account until a user manually calls in and verifies, and in this way a hacker would never have the opportunity to go through the very large set of weak passwords for Dave?
In: 0
In addition to the two answers you’ve already got, there are also bots running in permanence that are just going through the list of random passwords for random accounts.
If the accounts are important enough (e.g., bank account, e-commerce website with credit card saved, email address that gives access to all the other accounts with the forgot password feature), chances are, some account somewhere is trying to hack that. This are designed explicitly not to trigger the blocked account features of the websites who have them.
If it’s a weak password, even a thousand tries shouldn’t take too long. Especially because someone using weak password has a strong probability to reuse passwords so you can distribute that across multiple websites
Latest Answers