Password crackers usually work by having a local copy of the user/password database on your computer, so no.
Huh? Where do you think people are going to get that? Password crackers normally (poorly) function over HTTP and use multithreading to submit a form
thread count / (response time in seconds) per second. Plus, if they had a local copy of the database, you'd assume that the passwords are already hashed otherwise they could just query the DB for the password. In which case, you need to know the salt that the passwords were hashed with. You may be able to brute force something that causes a hash collision but there's no guarantee that it's the 'right' entry depending on how they salted it.
lol does that actually work against password crackers?
Websites that refuse to let you continue usually function on one (or more) of three lockouts: session (cookie) based, account based, and computer based.
The benefit of session based lockouts are that it only locks out the person trying to guess the password. These are really effective against friends typing your birthday, dog's name, mother's maiden name, etc 4 times and getting locked out. Then, they can't do anything (without sufficient technical knowledge) for 10 minutes where they can guess another 4. However, you are completely unaffected by this and can log in your house without getting a mysterious 'Account is locked. Try again in 7 minutes.' message.
The benefit of account based lockouts are that they are essentially impossible to circumnavigate. It doesn't matter where you are in the world, what computer you're on, or how many times you just guessed a password to a different account, once you've used up those guesses you have to wait the lockout. These are inconvenient for hackers AND people, since it's really a full account lockout. You can switch to your phone and try, but you'll be locked out there too. There's also the potential of getting a mysterious 'Account is locked. Try again in x minutes.' message if someone else is trying to break into your account.
The benefit of computer based locks are that they are slightly stronger than session based locks. They're like temporary IP bans. The issue is that IP isn't really a good way to identify a person on a home network. However, this type of lockout will persist through cookie resets, browser changes, computer restarts, and even usually router resets. So, it's kind of like getting the benefits of an account based lockout and the benefits of a session based lockout. However, it is still not as strong as an account based lockout.
However, the point is probably moot. This tool assumes that you are brute forcing a password on your local computer loaded into RAM. That's probably about 15 CPU cycles per guess (assuming a simple algorithm) which means a 2.5GHz processor would be making ~150 million guesses per second. Comparatively, someone making guesses to Facebook running 12 threads at a 400ms response time would be making 30 guesses per second.
