This method takes a lot of time.
How it works?
- You get the email address of victim
- You gets a list of text (aaaaaaaaaaa - zzzzzzzzzzzz) and try to see if any of them is the password for the email
- Try all of the list of texts (usually MILLIONS of them) to sign in to the account
- If you can sign in, then you got it! lol
Because it is too troublesome to try one-by-one, programmers/hackers actually create a program(they call it bots) to do the testing for them. This is the reason why hotmail got that CAPTCHA whenever you tried signing in a LOT of times. :)