Most effective username:password ratio for mass bruteforcing? Home › Forums › Most effective username:password ratio for mass bruteforcing? This topic contains 0 replies, has 1 voice, and was last updated by BrianMiz 1 month ago. Author Posts October 17, 2019 at 4:02 am #147001 BrianMizMember Let’s say the end goal of an attack is just to get a maximum amount of random working logins for a given website. You have a list of usernames (1 million for example), What would be the most effect username to password ration to use for the attack – given you have 1 week to complete it? ​ example: A: Use 100 usernames with a huge password list of 1 million passwords B: Roughly same amount of usernames and passwords C: Use all 1 million usernames, testing each with only 100 most commonly used passwords? ​ Out of experience, which do you think would be the most effective? Author Posts You must be logged in to reply to this topic.