Offline password cracking is still very much a thing. They steal the entire password database then crack it offline at their leisure, not live against the regular login.
Several measures are required to defend against this:
Hash seeds defend against rainbow tables.
Password length & complexity as well as using computationally-intensive hash algorithms defend against the brute-force cracking.
Password managers help with length and complexity, sad well as promote not reusing passwords.
Offline password cracking is still very much a thing. They steal the entire password database then crack it offline at their leisure, not live against the regular login.
Several measures are required to defend against this: