In his interview with John Oliver, Edward Snowden said something that many computer-savvy people are aware of: modern computers can sweep through the entire set of possible eight-character passwords in less than a second, and that is how hackers break into systems. He suggested that rather than using complicated and hard-to-remember combinations of characters, we need to think in terms of long phrases that are easy for each user to remember but are unlikely to be found in any written form anywhere.
But what I don’t understand is how that is used to break into systems. While you can sweep through all the possibilities quickly, you don’t know which is the correct one and isn’t that determined by trial and error? Usually when you log into a system, you type in your username and password and it is only if the password matches the username that you are allowed in. Otherwise you get an error message. That alone takes a few seconds. And in many systems, after a few failed attempts, you are locked out and have to contact the system administrator to get a new password.
So why aren’t hackers stopped after the first few guesses? I did a little searching on the internet but couldn’t find a good answer. Anyone here know?