I keep seeing tables of how easy it is to brute force a password depending on length and complexity, but how does the brute force attack get past the account lockout feature?

471 views
0 Comments

Every system I’ve ever maintained has an account lockout after a few attempts.

In: 2

18 Answers

Anonymous 0 Comments

People generally don’t try to get into your account directly. What will happen is that there’s a leak of user data and hashed (sort of like encrypted) passwords, and bad actors will then take this list of passwords, and try to brute force the list, and only once they’ve actually discovered a password in the list, would they then take that password to log in into your account
You are viewing 1 out of 18 answers, click here to view all answers.