I keep seeing tables of how easy it is to brute force a password depending on length and complexity, but how does the brute force attack get past the account lockout feature?

638 views
0 Comments

Every system I’ve ever maintained has an account lockout after a few attempts.

In: 2

18 Answers

Anonymous 0 Comments

It can’t. If the system enforces a limit on the number of attempts per X time period, then a brute force attack cannot be used.

Usually, brute force attacks are used in cases where you are able to obtain the encrypted/hashed database of passwords. Then you are not interfacing with the system, you have direct access to the database which bypasses the lockout feature.
You are viewing 1 out of 18 answers, click here to view all answers.