I have never understood the brute force method of breaking passwords.
Every important website I use just allows three wrong password attempts before they require you to answer questions, change your password, and confirm a random code sent to your registered email address.
How does brute force get past the three wrong password attempts issue?
Imagine you are a hacker who gets in and downloads the encrypted passwords. You would brute against them so now you could come in all nice and proper through the front door. And also would have those pw’s to try on that user’s other probable accounts at major websites.
By deleting the cookie or using different browsers each time?