The real danger is "offline" cracking. Hackers break into a system to steal the encrypted password file or eavesdrop on an encrypted exchange across the Internet. They are then free to decrypt the passwords without anybody stopping them.
Doing this, hackers can guess passwords at the rate of 1 billion guesses a second. That's fast, but not when you consider how big the problem is. Consider passwords composed of letters, numbers, and symbols. That's roughly 100 combinations per character. A five-character password will have 10 billion combinations. This means a hacker can guess a five-character password in only 10 seconds. But things quickly get worse for the hacker. This problem grows exponentially:
- 5 characters = 10 seconds