An attacker has a list of thousands of valid usernames for a company SSO portal. Rather than trying many passwords against one account, they try a single common password such as "Spring2026!" against every username, wait a few hours, then try a second common password against all of them. What is this technique, and why does it slip past typical lockout defenses?
Saturday, June 20, 2026 · A new challenge drops every day