Thanks. (I haven't checked YouTube yet...was hoping tacit would weigh in.)
On the other hand, a quick search turned up
The ability to crack passwords using computer programs is also a function of the number of possible passwords per second which can be checked. If a hash of the target password is available to the attacker, this number can be quite large. If not, the rate depends on whether the authentication software limits how often a password can be tried, either by time delays, CAPTCHAs, or forced lockouts after some number of failed attempts.
which suggests that "
three strikes and you're out" at least puts some sort of damper on a hacker's ability to crack a password.
Aside: I've been thinking for a while that this thread has taken a major turn from its initial direction and that a change of title, at the least, may be in order.