I keep seeing tables of how easy it is to brute force a password depending on length and complexity, but how does the brute force attack get past the account lockout feature?

640 views

Every system I’ve ever maintained has an account lockout after a few attempts.

In: 2

18 Answers

Anonymous 0 Comments

It can’t. If the system enforces a limit on the number of attempts per X time period, then a brute force attack cannot be used.

Usually, brute force attacks are used in cases where you are able to obtain the encrypted/hashed database of passwords. Then you are not interfacing with the system, you have direct access to the database which bypasses the lockout feature.

You are viewing 1 out of 18 answers, click here to view all answers.