Offline cracking is password guessing performed against copied credential material, not against a live account or system. The attacker first obtains a hash, encrypted blob, or other authentication artifact, then tests guesses locally with specialized tools. Because the target is not being contacted, defenders may not see lockouts, rate limits, or normal login alerts.
This matters in cyber security because the risk depends on password strength, not on repeated online attempts. Weak, reused, or predictable passwords can be recovered quickly once extracted, while strong unique passwords are much harder to break. In Windows environments, historical credential data such as CREDHIST-related hashes can become offline-crackable if exposed and converted into a testing format. Defenses focus on reducing the value of stolen material: use long unique passwords, enable MFA, protect credential stores, and monitor for unauthorized access to DPAPI or password-history artifacts.