That’s all you can do though, extend the time it takes to brute force, so I’m not sure what the distinction being made is.
If they are following best practices then individual hashes should be salted and the database of hashes should be peppered so even if someone brute forces an offline copy of the hashes they wouldn’t result in actual useable passwords.
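An added example, not part of the comment above, showing per-user salting plus a pepper held outside the database. It assumes one common construction (HMAC-SHA256 with the pepper, then PBKDF2 with the salt); the function names, the wordlist and the stored rows are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # demo value (assumption); tune the work factor to your hardware


def _stretch(password: str, salt: bytes, pepper: bytes) -> bytes:
    # Pepper step: key the password with a secret that is NOT stored in the database.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    # Salt + slow KDF step: per-user salt, deliberately expensive derivation.
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)


def hash_password(password: str, pepper: bytes) -> tuple[bytes, bytes]:
    """Return (salt, digest); both are stored in the user's database row."""
    salt = secrets.token_bytes(16)
    return salt, _stretch(password, salt, pepper)


def verify_password(password: str, salt: bytes, digest: bytes, pepper: bytes) -> bool:
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(_stretch(password, salt, pepper), digest)


def offline_guess(wordlist, salt, digest, pepper):
    """Model guesses being tested against one leaked (salt, digest) row."""
    for candidate in wordlist:
        if verify_password(candidate, salt, digest, pepper):
            return candidate
    return None


# Constructed sample data for the demonstration.
PEPPER = secrets.token_bytes(32)  # kept in app config or a KMS, never in the DB
WORDLIST = ["123456", "hunter2", "letmein"]
ALICE = hash_password("hunter2", PEPPER)
BOB = hash_password("hunter2", PEPPER)

if __name__ == "__main__":
    print("same password, different digests:", ALICE[1] != BOB[1])
    print("dump only, pepper unknown:", offline_guess(WORDLIST, *ALICE, pepper=b"\x00" * 32))
    print("dump plus leaked pepper:", offline_guess(WORDLIST, *ALICE, pepper=PEPPER))
```

The salt makes identical passwords hash differently per row, and the pepper only protects a leaked database while it stays secret: once both are known, a weak password is still found by guessing.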
I’m a project manager for a team of IT systems, engineering, and infrastructure folks with just over twenty folks and my key purpose on earth is that I take one hour or less of their time once a week and by doing so they never have an email or conversation with anyone else outside of our team. I know enough to talk to any stakeholders and complete monthly status reports by simply knowing what is going on and communicating strategy to them. I’ve been praised heavily which feels very dirty being an individual contributor for so long in my career. I can speak the same language as everyone on my team spanning logistics, networking, systems, and software development but I don’t DO anything. I have major imposter syndrome as I near retirement so the praise is also appreciated greatly from them. It’s a really weird period in my career.
Gotcha, no, I wasn’t trying to make that claim, it’s just a way to make it more difficult/time-consuming.