Originally Posted by serpens
If someone is trying to brute-force crack a password, then it seems like I am just as likely to change the password to the next character string the bad guy uses as the string just used in an attempt. In other words, I am as likely to shoot myself in the foot as not.
The only reason I can see to change a password (in the absence of evidence of shenanigans) is if I believe someone is using my credentials to peruse something but not actually taking anything like points. What am I missing?
The reasoning behind changing the password frequently is that there is a time delay between your account password being brute-forced and someone stealing your points.
The hackers themselves don't care about your points. They just brute-force enough accounts to reach a preset goal (100k in this case). After that, they bundle that account information up and sell it to the highest bidder.
Brute-forcing 4-digit PIN accounts can be done quickly with botnets. Using the points takes time. So, one's account can be hacked without anything happening for months.
If one changes their PIN regularly, the chance of your account being brute-forced stays about the same, but the chance of your points being stolen by the highest bidder decreases by a lot.