If I enter a password wrong thrice, the system locks me out. How are hackers able to attempt millions of combinations of passwords without the system locking them out?

723 views
0 Comments

Edit: Thank you everyone who’s taken out time to explain it to me. I’ve learnt so much. Appreciate it.

Yes, I do use ‘thrice’ in my conversation whenever required. I’m glad it amused so many of you.

In: Technology

11 Answers

1 2
Anonymous 0 Comments

In the olden days where brute-forcing actually worked, you’d just pretend you’re a different person.

You’d have a program which basically worked like this:

* You gave it a huge list of passwords to try
* You gave it a huge list of proxy servers to use. Think of a proxy server as another person tasked with giving the site the password attempt
* You told the program “Go tell this site that my password is: xxxxxx, if it fails try another password from the list, if it fails try another, if it fails a 3rd time, use a different proxy (ie tell another person to try three more passwords)”

So the program would pretend to be a different machine, connect, try 3 different passwords, then switch to pretending to be another machine, try 3 more and so on and so forth.

So what the site saw was different people trying 3 different passwords each.
1 2