« Unsubscribing the easier way | Main | Baby Brezza with blades that won't turn »

Indirect brute-forcing passwords?

I am still in the process of reading James Fallows’ article on his wife’s Gmail account being hacked, but I was struck by this statement:

For reasons too complex to explain here, even some systems, like Gmail’s, that don’t allow intruders to make millions of random guesses at a password can still be vulnerable to brute-force attacks.

Let me guess: this margin is too small to explain how this works. But I would love to know; in my world, the definition of a brute-force attack requires millions of guesses at a password.

Post a comment