Hacker News new | ask | show | jobs
by BMSmnqXAE4yfe1 2027 days ago
This scenario is not realistic, as you can just lengthen time between subsequent login attempts per username.
1 comments
mobjack 2027 days ago
Attackers only need one attempt per username.

They will use a leaked list of millions of username and passwords, then use a botnet to try them all on another website.

link