Online password attack

An online password attack is when an adversary repeatedly tries to log into a live device or service using common passwords, predictable password patterns, or stolen credentials, hoping to find one that works.

Verified for the 2027 AP Cybersecurity exam. Last updated June 2026.

What is an online password attack?

An online password attack happens when an adversary goes straight at the login screen of a real, running service and tries password after password until something works (EK 1.2.A.1). The key word is online: the attacker is interacting with the live system, so every guess is a real login attempt the server can see and count.

They don't guess randomly. Attackers feed an automated tool a list of likely passwords (common ones, predictable patterns, or credentials stolen from a past breach) and let it hammer the login (EK 1.2.B.2). People are predictable: they start a password with a word or two, tack on a two-digit year, and end with a special character, or they bake in a pet's name or a birthday (EK 1.2.B.1). That predictability is exactly what the attacker's password list is built around.

Why online password attacks matter in AP Cybersecurity

This sits in Unit 1, Topic 1.2 (Suspicious Website Logins), your first real look at how attackers exploit weak authentication. It anchors three connected learning objectives: spotting the signs of an attack (AP Cybersecurity 1.2.A), explaining how adversaries exploit weak passwords (AP Cybersecurity 1.2.B), and explaining how to make authentication stronger (AP Cybersecurity 1.2.C). The big idea is that the human habit of choosing memorable passwords is itself the vulnerability, and the fix is long, random, unique passwords plus multifactor authentication.

How online password attacks connect across the course

Offline Password Attack (Unit 1)

Same goal, opposite setting. An online attack guesses against a live login the server can monitor; an offline attack works on a stolen hash file where no server is watching, so the attacker can try billions of guesses without tripping any alarms.

Dictionary Attack (Unit 1)

A dictionary attack is the strategy behind many online password attacks. The adversary builds a custom 'dictionary' from a target's personal info (birthdays, pets, names) and feeds it to an automated tool, which is exactly the EK 1.2.B.2 behavior in action.

Multifactor Authentication / MFA (Unit 1)

MFA is the direct counter. Even if the attacker guesses your password, they still need a second proof of identity like a one-time code, so a correct password alone no longer opens the door (EK 1.2.C.3).

Authentication Log (Unit 1)

The authentication log is where you actually catch an online attack. Many failed logins in a short window, logins at odd hours, or attempts from unknown devices all show up there as the warning signs from EK 1.2.A.2.

Are online password attacks on the AP Cybersecurity exam?

Expect this in Unit 1 multiple-choice questions that hand you a scenario or a snippet of login records and ask you to identify the attack. The tell-tale signs to flag: many failed login attempts in a short time, logins at unusual hours, and attempts from unknown devices (EK 1.2.A.2). You may also be asked to explain why weak passwords get cracked (predictable patterns and personal info) and to recommend defenses: long, random, unique passwords, a password manager or passphrase, and turning on MFA. Be ready to tell an online attack apart from an offline one and to name MFA as the strongest single defense.

Online password attack vs offline password attack

An online password attack tries passwords directly against a live login, so it leaves a trail of failed attempts the system can detect and rate-limit. An offline password attack happens after the attacker already stole the hashed passwords, letting them guess as fast as their hardware allows with nothing watching. Online is loud and limited; offline is silent and fast.

Key things to remember about online password attacks

  • An online password attack means trying guessed, patterned, or stolen passwords directly against a live login screen.

  • The three classic signs are many failed logins in a short time, logins at unusual hours, and logins from unknown devices.

  • Attackers exploit predictable habits like word-plus-year-plus-symbol passwords and using pet names or birthdays.

  • The fix is long, random, unique passwords (a password manager or passphrase helps) and enabling multifactor authentication.

  • Online attacks are detectable because the server logs and can throttle each attempt; offline attacks against stolen hashes are not.

Frequently asked questions about online password attacks

What is an online password attack in AP Cybersecurity?

It's when an adversary tries to log into a live device or service using common passwords, predictable patterns, or stolen credentials until one works (EK 1.2.A.1). It maps to Unit 1, Topic 1.2.

Is an online password attack the same as an offline password attack?

No. An online attack guesses against a live login the server can see, so it's slower and detectable. An offline attack runs against already-stolen password hashes with no server watching, so it can try far more guesses unnoticed.

How do you tell if an online password attack is happening?

Look for many failed login attempts in a short window, login attempts at unusual times of day, and attempts coming from unknown or unexpected devices (EK 1.2.A.2). These usually show up in the authentication log.
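The three warning signs described here and in the Authentication Log entry can be checked mechanically. The following is an added example, not part of the original study guide; the log line format, the account baselines, and the thresholds (`KNOWN_DEVICES`, `USUAL_HOURS`, `MAX_FAILS`, `WINDOW`) are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log, oldest entry first (format assumed for this example).
SAMPLE_LOG = """\
2026-03-02T03:14:01 user=bob device=dev-x9 result=FAIL
2026-03-02T03:14:03 user=bob device=dev-x9 result=FAIL
2026-03-02T03:14:05 user=bob device=dev-x9 result=FAIL
2026-03-02T03:14:08 user=bob device=dev-x9 result=FAIL
2026-03-02T03:14:10 user=bob device=dev-x9 result=FAIL
2026-03-02T08:15:00 user=alice device=laptop-1 result=OK
2026-03-02T12:30:00 user=alice device=laptop-1 result=FAIL
2026-03-02T12:30:20 user=alice device=laptop-1 result=OK
"""

# Assumed baselines; a real deployment would learn these per account.
KNOWN_DEVICES = {"alice": {"laptop-1"}, "bob": {"phone-2"}}
USUAL_HOURS = range(7, 22)          # 07:00 to 21:59 local time
MAX_FAILS = 5                       # failures within WINDOW that count as a burst
WINDOW = timedelta(seconds=60)

def analyze(log_text):
    """Return {user: [warning signs]} for the three EK 1.2.A.2 indicators."""
    findings = defaultdict(set)
    recent_fails = defaultdict(deque)   # user -> timestamps of recent failures
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, *pairs = line.split()
        fields = dict(pair.split("=", 1) for pair in pairs)
        when, user = datetime.fromisoformat(stamp), fields["user"]
        if when.hour not in USUAL_HOURS:
            findings[user].add("unusual-hour")
        if fields["device"] not in KNOWN_DEVICES.get(user, set()):
            findings[user].add("unknown-device")
        if fields["result"] == "FAIL":
            fails = recent_fails[user]
            fails.append(when)
            while when - fails[0] > WINDOW:   # drop failures older than WINDOW
                fails.popleft()
            if len(fails) >= MAX_FAILS:
                findings[user].add("failed-login-burst")
    return {user: sorted(signs) for user, signs in findings.items()}

if __name__ == "__main__":
    for user, signs in analyze(SAMPLE_LOG).items():
        print(user, signs)
```

In the sample, bob's account shows all three signs at once, while alice's single mistyped password during normal hours on her usual laptop raises nothing.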

Does multifactor authentication stop online password attacks?

Yes, mostly. Even if an attacker guesses your password, MFA forces them to provide a second proof of identity like a one-time code, so a stolen or guessed password alone won't get them in (EK 1.2.C.3).

Why are common passwords so easy for attackers to guess?

People follow patterns, like starting with a word, adding a two-digit year, and ending with a special character, or using pet names and birthdays (EK 1.2.B.1). Attackers build a custom dictionary from your personal info and automate the guessing (EK 1.2.B.2).
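A service can screen for these same habits when a password is chosen. The following is an added example, not part of the original study guide: it flags the word-plus-year-plus-symbol shape and personal details described above. The function names and the `MIN_LENGTH` value are assumptions, and the sample passwords are constructed.

```python
import re
from datetime import date

MIN_LENGTH = 16   # assumed policy value, not taken from the page

# Letters (a word or two), a two-digit year, one closing special character.
WORD_YEAR_SYMBOL = re.compile(r"[A-Za-z]+\d{2}[^A-Za-z0-9]")

def personal_fragments(names=(), birthday=None):
    """Lower-case strings tied to the user: names plus common birthday spellings."""
    fragments = {name.lower() for name in names if len(name) >= 3}
    if birthday is not None:
        # Four-digit year, month+day, and day+month forms of the birthday.
        fragments |= {birthday.strftime(fmt) for fmt in ("%Y", "%m%d", "%d%m")}
    return fragments

def screen_password(candidate, names=(), birthday=None):
    """Return the reasons a candidate is predictable (empty list = none found)."""
    reasons = []
    if len(candidate) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    if WORD_YEAR_SYMBOL.fullmatch(candidate):
        reasons.append("word + two-digit year + symbol pattern")
    lowered = candidate.lower()
    for fragment in sorted(personal_fragments(names, birthday)):
        if fragment in lowered:
            reasons.append("contains personal detail: " + fragment)
    return reasons

if __name__ == "__main__":
    # Constructed candidates for a user with a pet named Biscuit.
    born = date(2009, 4, 12)
    for pw in ("Biscuit09!", "kV7#pQ2zLm9!xR4tWb"):
        print(pw, screen_password(pw, names=["Biscuit"], birthday=born))
```

An empty result only means none of these habits was detected; it does not show that the password is random or unique.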
