password recovery

In cryptanalysis and computer security, password cracking is the process of guessing passwords protecting a computer system. A common approach (brute-force attack) is to repeatedly try guesses for the password and to check them against an available cryptographic hash of the password. Another type of approach is password spraying, which is often automated and occurs slowly over time in order to remain undetected, using a list of common passwords.
The purpose of password cracking might be to help a user recover a forgotten password (due to the fact that installing an entirely new password would involve System Administration privileges), to gain unauthorized access to a system, or to act as a preventive measure whereby system administrators check for easily crackable passwords. On a file-by-file basis, password cracking is utilized to gain access to digital evidence to which a judge has allowed access, when a particular file's permissions restricted.
Brute-force password guessing attacks against online systems are usually ineffective because systems are designed to lock accounts after a certain number of unsuccessful login attempts. Obtaining the cryptographic hash of the password makes it possible to perform an unlimited number of offline guesses. Hash files can might be obtained by third parties by court-ordered access, or as part of an illegal data breach. If passwords are reused across web sites, the hash file obtained from one web site can be used for cracking, and then the discovered passwords can be attempted against the same email addresses on other web sites.
The password spraying approach evades account lockout countermeasures by guessing the same password across many accounts, allowing time to pass between attempts on the same account, which might include legitimate logins. This approach does not target specific accounts.

View More On Wikipedia.org