On Fox News today, they're reporting on a group of hackers that cracked 90% of even long and strong passwords in a very short period of time.
My first question is: how do they crack them? Apparently, they are able to test over a billion tries per second. But don't websites drop you after a fairly short number of incorrect tries? Unless the hacker actually tests each try, how do they know when they have the answer?
Even if a website lets you have a zillion tries, my websites all seem to take several seconds to respond to a try; so how can a hacker test billions of tries so quickly?
Was this study a serious piece of work? Should we be more concerned (anyone using 1PW is clearly already concerned...)?