If I enter a password wrong thrice, the system locks me out. How are hackers able to attempt millions of combinations of passwords without the system locking them out?

439 viewsOtherTechnology

If I enter a password wrong thrice, the system locks me out. How are hackers able to attempt millions of combinations of passwords without the system locking them out?

In: Technology

8 Answers

Anonymous 0 Comments

Hackers write programs that routinely try a single password with many thousands or more of different user IDs. Then the program tries the next password with the same many thousands or more of different user ids. If it waits an amount of time between attempts, many of these will have reset either through a valid login from the real user or a bad password timeout which many systems have. In some cases they may test an account to see if there is a bad password timeout so they know how often their program can try their account list with a new password. Then they sit back and let their program run against that company’s systems and it sends them any valid account password combinations. Even if it only tries one password a day from a list of common passwords, it can try every combination of user id with the 365 most common passwords in a year. If it can do many attempts per account per day it can test that many more. If the is no wrong password attempt lockout, it can try as fast as possible going through hundreds of password attempts every minute.

You are viewing 1 out of 8 answers, click here to view all answers.