The vast majority of websites and applications accessible via the Internet or a mobile device offer some sort of sign in or sign up functionality. This functionality enables a user of a particular website or application to create an account or access the account associated with the respective service provided by the website or application. Passwords associated with the user accounts are typically stored in some variety of database or directory. As the increasing rate of password breaches provide constant reminders, these password databases or directories can be accessed by malicious actors. Consequently, the passwords can then be used against the user that originally signed up for the particular website or application.
To add to this problem, users often reuse the same username and password on multiple websites or applications. If one database or directory is breached, an attacker may be able to access additional websites or applications by simply retrying the same credentials on the additional websites or applications.