Retrieving credentials from a password repository that is locally accessible through password cracking. Often some form of a tool for automated cracking is used.
Guessing credentials online. Influenced by the existence of default passwords, if a proactive password checker is used, if a back-off technique is used and if a scan has been done by a network vulnerability scanner.
MultiFactorAuthentication If the credentials of a UserAccount is distributed over several Keystores, the Attacker needs to obtain all of them.