• TheseusNow@lemmy.zip
    5 upvotes · 1 day ago

    It doesn’t. Cracking programs don’t use the user login form repeatedly. They use the same algorithm that creates the publicly encoded password to generate encoded passwords and keep going until they have a match. Besides getting the encoded password and salt, everything is done offline.

    This just creates a really bad user experience.

    • Camelbeard@lemmy.world
      2 upvotes · 1 day ago

      If they actually use the real login form, most websites block an account after X attempts. Sometimes for 1-24 hours, sometimes until you do a PW reset.
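
An added sketch, not part of either comment above, of the distinction the thread draws: a lockout on the login form only counts guesses that go through the form, while the same encoding algorithm run against a leaked salt and hash never touches that counter. The PBKDF2 storage scheme, the threshold of 3, and all names and sample values are assumptions made for the illustration.

```python
import hashlib
import hmac

MAX_ATTEMPTS = 3  # assumed lockout threshold (the "X attempts" in the thread)

def encode(password: str, salt: bytes) -> bytes:
    # Assumed storage scheme for this sketch: salted PBKDF2-HMAC-SHA256.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1_000)

class LoginService:  # toy login form with a per-account lockout
    def __init__(self, password: str, salt: bytes):
        self.salt = salt
        self.stored = encode(password, salt)
        self.failed, self.locked = 0, False  # all the lockout control sees

    def login(self, guess: str) -> bool:
        if self.locked:
            return False
        if hmac.compare_digest(encode(guess, self.salt), self.stored):
            return True
        self.failed += 1
        self.locked = self.failed >= MAX_ATTEMPTS
        return False

def guesses_via_form(svc, candidates):
    """Number of guesses the form evaluates before lockout stops them."""
    evaluated = 0
    for c in candidates:
        if svc.locked:
            break
        evaluated += 1
        if svc.login(c):
            break
    return evaluated

def guesses_offline(salt, stored, candidates):
    """Same algorithm on a leaked (salt, hash) record; login() is never called."""
    for n, c in enumerate(candidates, 1):
        if hmac.compare_digest(encode(c, salt), stored):
            return n
    return None

CANDIDATES = ["alpha", "bravo", "charlie", "delta", "echo"]  # constructed

def demo():
    svc = LoginService("echo", b"constructed-salt")
    online = guesses_via_form(svc, CANDIDATES)
    offline = guesses_offline(svc.salt, svc.stored, CANDIDATES)
    return online, svc.locked, offline, svc.failed
```

In `demo()` the form stops evaluating guesses once the account locks, while the failed-attempt counter does not move during the offline comparison, so no lock or failed-login alert is triggered by it.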