I would like to say that how secure the password is doesn't matter. And I think that right now you are probably like "The hell did you read everything above" or "I think that maths says something different". And if you don't believe me just read below.
Many devs think that if they secure the passwords and make defence against brute force algorithm is everything then they aren't right. But yeah you need this too. But let's continue.
So now I am going to explain. Most hackers don't even need bruteforce algorithms. They are just used because sometimes can save time. BUT!!!!!! This is not the only method. A hacker can always log on in an account using SQLi or he can always find another vulnerability. But even if you make defence aginst these too then you can still get hacked.
You want examples? OK. I will say something like facebook. They have super good defence. BUT!!!!!! They still can't protect the accounts. Many hackers can hack into them + if you have served on the deep/dark web many of them do it for like 10-15$. Then does that mean they are secure? Yes , they are really secure.
BUT!!!!!! Many hackers use things like SE , cookie stealing , keyloggers and other methods. But what is so special about these methods. Well the users might be secured but there is no defence against their stupidity. With SE it can be pretty easy because you can always make a phisher and then BAM. Most of them get tricked. And I am sure that someone right now is like if they look in the URL first before they open the link. Well it can get encoded and lead to another URL. With cookie stealing and kellogers they can easily get your IP and remotly upload or extract data. There are other method but I will not discuss them.
Sorry for bad english.
Thanks for reading.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.