I keep seeing tables of how easy it is to brute force a password depending on length and complexity, but how does the brute force attack get past the account lockout feature?

Every system I’ve ever maintained has an account lockout after a few attempts.

18 Answers

Anonymous 0 Comments

Unless your password is something really common like “password1”, or just your username, or something very easily guessable like that, you’re generally safe from someone just sitting down and logging into your account casually.

So for any good website with even the faintest concept of security, your password is not stored. When you ask to reset your password, the reason why they can’t just send you your password is because they don’t know it. (Incidentally, if they DO send you your password, that means they clearly don’t care about security.) When you enter your password, it’s run through a complicated algorithm to encrypt it which, in theory, should be uncrackable without knowing the exact way it was encrypted.

Brute force attacks basically occur when they’ve gotten a list of encrypted passwords from a website (which happens more often than the companies would like you to think). They can then use their own computer to brute force this stuff until they start to produce things which feasibly look like passwords. Once they have those, they can try them, and boom, they’re in.

This, incidentally, is why you should have unique passwords for every site. Data breaches happen a lot, and if they’ve found one email and password combo which works on Facebook, they’re gonna try it on other sites too.

Anonymous 0 Comments

Pure brute force attacks aren’t really a thing anymore, mostly because of time and said systems.

Instead you have a variation of it: by acquiring the database of the target you can attempt to brute force the passwords listed there. This bypasses lockout features because you are not interacting with the login system directly anymore.

Instead of trying every single character combination, you limit your search to every single known word, aka a dictionary attack.

Anonymous 0 Comments

Not every system has an account lockout, and not every attacker is coming through the front door.

Sometimes the attacker has stolen a database full of hashed passwords. Since that means they now have a “backdoor” and can access the data without using the main service (the front door), they can write a tool to make attempts at finding a match for the password data in the database *without* a lockout or the relative slowness of accessing the internet.

This is also dangerous because once they steal that database the data never goes away, so even if it takes them months to crack some of the passwords, they might have nothing better to do than let their tool attack it until it finds something.
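
The two answers above (the dictionary attack against a stolen database, and the “backdoor” that never touches the login form) as a runnable illustration. This is an added example, not code from the original thread; the “leaked” hash table, the wordlist and the five-attempt lockout threshold are constructed for the demonstration and are not real data.

```python
import hashlib
import hmac
from collections import defaultdict


def sha256_hex(password: str) -> str:
    """Unsalted SHA-256 of a password, as a weak site might store it."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed sample data (not from any real breach): the password-hash
# column an attacker might pull from a breached database, plus a short
# wordlist of common passwords.
LEAKED_HASHES = {
    "alice": sha256_hex("sunshine"),
    "bob": sha256_hex("password1"),
    "carol": sha256_hex("x7#Qv!9pLm2z"),  # strong; not in any wordlist
}

WORDLIST = [
    "123456", "qwerty", "letmein", "welcome", "monkey",
    "dragon", "football", "password1", "iloveyou", "sunshine",
]

MAX_ATTEMPTS = 5  # hypothetical lockout threshold for the toy login service


class LoginService:
    """Toy 'front door': checks a password against the stored hash and
    locks the account after MAX_ATTEMPTS consecutive failures."""

    def __init__(self, hashes):
        self.hashes = hashes
        self.failures = defaultdict(int)
        self.locked = set()

    def login(self, user: str, password: str) -> str:
        if user in self.locked:
            return "locked"
        if hmac.compare_digest(self.hashes[user], sha256_hex(password)):
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        if self.failures[user] >= MAX_ATTEMPTS:
            self.locked.add(user)
        return "fail"


def online_guess(service: LoginService, user: str, wordlist):
    """Guess through the login form, one request per candidate.
    Returns (password_or_None, attempts_made, locked_out)."""
    for attempts, word in enumerate(wordlist, start=1):
        result = service.login(user, word)
        if result == "ok":
            return word, attempts, False
        if result == "locked":
            return None, attempts, True
    return None, len(wordlist), False


def offline_dictionary_attack(leaked, wordlist):
    """Crack a stolen hash table without touching the login service.
    Each candidate is hashed once and looked up against every leaked hash
    at the same time, which works because these hashes are unsalted."""
    by_hash = defaultdict(list)
    for user, digest in leaked.items():
        by_hash[digest].append(user)
    cracked = {}
    for word in wordlist:
        for user in by_hash.get(sha256_hex(word), ()):
            cracked[user] = word
    return cracked


if __name__ == "__main__":
    svc = LoginService(LEAKED_HASHES)
    # Front door: bob's password is the 8th word, but the account locks first.
    print("online guessing of bob:", online_guess(svc, "bob", WORDLIST))
    # Back door: the whole wordlist runs against the whole dump, no lockout.
    print("offline cracking of the dump:",
          offline_dictionary_attack(LEAKED_HASHES, WORDLIST))
```

The online run against bob stops at attempt 6 with the account locked and nothing learned; the offline run recovers alice’s and bob’s passwords from the same wordlist and leaves only carol’s uncracked. Lockout only protects the login form. On the database side the defenses are a per-user salt (so one hash computation can no longer be checked against every account) and a deliberately slow password hash such as bcrypt, scrypt or Argon2 (so each candidate costs the attacker real time).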
